Overview

The IssuerRegex (basic:AttributeIssuerRegex prior to V3.4) is a PolicyRule which returns true if the entityID of the party issuing the attributes (usually the IdP itself) matches the supplied Java regular expression. It's not commonly needed but is of use in "multi-homing" scenarios in which the IdP may be representing multiple sources of attributes.

Schema Name

The IssuerRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeIssuerRegex type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Only one attribute may be specified

regex : a required attribute which specifies the java regular expression to match against

Child Elements

None

Example

<PolicyRequirementRule xsi:type="IssuerRegex" regex="^https://idp\.example\.org/.*$" />

Apply this rule if the IdP entityID starts with "https://idp.example.org/".

Browser not supported