The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

PrincipalNameRegexConfiguration

Owned by Rod Widdowson
Last updated: Nov 03, 2017 by Scott Cantor

Overview

The PrincipalNameRegex (basic:PrincipalNameRegex prior to V3.2) type describes a PolicyRule which returns true if the canonicalized principal used to identify the user matches matches the supplied Java regular expression. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication.

Schema Name

The PrincipalNameRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:PrincipalNameRegex type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Only one attributes may be specified

  • regex : a required attribute which specifies the java regular expression to match against

Child Elements

None

Example

<PolicyRequirementRule xsi:type="PrincipalNameRegex" regex="^hn.*$" />
Apply this rule if the principal starts with "hn"