The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

NameIDFormatExactMatchConfiguration

Owned by Rod Widdowson
Last updated: Nov 08, 2017 by Scott Cantor
1 min read

Overview

The NameIDFormatExactMatch type is a PolicyRule which returns true if the SAML metadata for a requester indicates support for the configured <NameID> format.

Schema Name

The NameIDFormatExactMatch type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeRequesterRegex  type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

NameTypeRequired?Description
nameIdFormat
URIYThe format to check for. Only exact matches against the <md:NameIDFormat> elements are made.

Child Elements

None

Example

<PolicyRequirementRule xsi:type="NameIDFormatExactMatch"
	nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
This would match the following metadata extract:
<SPSSODescriptor protocolSupportEnumeration="...">
[...]
    <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
	<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
[...]
<SPSSODescriptor>