/
EntityAttributeRegexMatchConfiguration

The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

EntityAttributeRegexMatchConfiguration

Owned by Rod Widdowson
Last updated: Nov 08, 2017 by Scott Cantor

Overview

The EntityAttributeRegexMatch type is a PolicyRule that returns true if the SAML metadata for the requester contains <mdattr:EntityAttribute> extension data matching the supplied parameterization.

The values do not undergo any attribute mapping, which is to say applying the inverse of the SAML Attribute Encoding defined in the attribute-resolver.xml file. It therefore operates in terms of the SAML Attribute content in the metadata directly.

Schema Name

The EntityAttributeRegexMatch type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated saml:EntityAttributeRegexMatch type is defined in the urn:mace:shibboleth:2.0:afp:mf:saml namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd

Attributes

NameTypeRequired?Description
attributeName
StringY

The SAML Attribute Name to match against

attributeValueRegex
StringYThe regular expression to match against
attributeNameFormat
String (URI)
The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on the Name)

Child Elements

None

Example

<PolicyRequirementRule xsi:type="EntityAttributeRegexMatch"
	attributeName="urn:example.org:policy" attributeValueRegex="^urn:mace:example.org.*$" />
The above policy would match the tags in the metadata below:


[...]
<Extensions>
    <mdattr:EntityAttributes>
        <saml:Attribute Name="urn:mace:example.org:policy">
            <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:policy:1234</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:mace:example.org:entitlements"
				NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue>
            <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue>
        </saml:Attribute>
    </mdattr:EntityAttributes>
</Extensions>
[...]



Related content