The ProxiedRequesterRegex is a PolicyRule which returns true if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name matches the supplied Java regular expression. In SAML, this corresponds to an <AuthnRequest> carrying a <Scoping> element that includes a matching <RequesterID>.
The ProxiedRequesterRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Only one attribute may be specified
regex : a required attribute which specifies the java regular expression to match againstNone
<PolicyRequirementRule xsi:type="ProxiedRequesterRegex" regex="^https://downstream.example.org/.*$" /> |