Overview

The ScopeRegex (basic:AttributeScopeRegex prior to V3.2) type matches attributes values against the supplied Java Regular Expression.

Confusingly, the ScopeRegex type can be a Matcher or a PolicyRequirement.

If no attributeID attribute is specified then it is a Matcher (returning that value if it is present amongst the values, and the empty set otherwise)
If an attributeID attribute is specified then it is a PolicyRule (returning true if that that is present amongst the values for the specified attribute).

Schema Name

The ScopeRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeScopeRegex type was defined in the urn:mace:shibboleth:shibboleth:2.0:afp:basic namespace, the schema for which can be found at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Three attributes may be specified

Name	Type	Default	Description
`attributeID`	String	none	If this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches. If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise.
`regex`	Pattern	required	The regular expression to match against

None

Simple Profile Policy

<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>

Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu.

Simple Matcher

<AttributeRule attributeID="uid">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>

Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list.

Compound PolicyRule (deprecated)

<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>

Apply this rule if any attribute contains a scope value whose scope ends .edu

Compound Matcher (deprecated)

<AttributeRule attributeID="email">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
</AttributeRule>

If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email" .