Overview

The EntityAttributeExactMatch type is a PolicyRule that returns true if the SAML metadata for the requester contains <mdattr:EntityAttribute> extension data matching the supplied parameterization.

The values do not undergo any attribute mapping, which is to say applying the inverse of the SAML Attribute Encoding defined in the attribute-resolver.xml file. It therefore operates in terms of the SAML Attribute content in the metadata directly.

This is a PolicyRule that consults EntityAttribute extension "tags" in the metadata for an SP.

For a Matcher that consults <md:RequestedAttribute> metadata, use the AttributeInMetadata plugin type.

Schema Name

The EntityAttributeExactMatch type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated saml:EntityAttributeExactMatch type is defined in the urn:mace:shibboleth:2.0:afp:mf:saml namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd

Attributes

Name	Type	Required?	Description
attributeName	String	Y	The SAML Attribute `Name` to match against
attributeValue	String	Y	The string value to match against
attributeNameFormat	String (URI)		The SAML Attribute `NameFormat` to test against (if not specified, then matching is solely based on the `Name`)

Child Elements

None

Example

<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
	attributeName="urn:mace:example.org:policy" attributeValue="urn:mace:example.org:policy:ABCD1234" />

The above policy would match the tags in the metadata below:

[...]
<Extensions>
    <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:mace:example.org:policy">
            <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:policy:ABCD1234</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:mace:example.org:entitlements"
				NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue>
        </saml:Attribute>
    </mdattr:EntityAttributes>
</Extensions>
[...]

Browser not supported