The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
IssuerConfiguration
Overview
The Issuer type (basic:AttributeIssuerString prior to V3.4) is a PolicyRule which returns true if the name (generally the SAML entityID) of the system issuing the attributes (usually the IdP itself) matches a supplied string. It's not commonly needed but is of use in "multi-homing" scenarios in which the IdP may be representing multiple sources of attributes.
Schema Type and Location
The Issuer type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
The deprecated basic:AttributeIssuerString type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
Reference
Attributes
Name | Type | Default | Description |
|---|---|---|---|
| String |
| Required, the string to match against |
| Boolean | false | Optional, specifies how to perform the comparison |
Child Elements
None
Example
The example reads "Apply this rule if the attribute issuer is named 'https://idp.example.org'".
<PolicyRequirementRule xsi:type="Issuer" value="https://idp.example.org" />