The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

IssuerRegexConfiguration

Owned by Scott Cantor
Last updated: Nov 02, 2017
1 min read

Overview

The IssuerRegex (basic:AttributeIssuerRegex prior to V3.4) is a PolicyRule which returns true if the entityID of the party issuing the attributes (usually the IdP itself) matches the supplied Java regular expression. It's not commonly needed but is of use in "multi-homing" scenarios in which the IdP may be representing multiple sources of attributes.

Schema Name

The IssuerRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeIssuerRegex type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Only one attribute may be specified

  • regex : a required attribute which specifies the java regular expression to match against

Child Elements

None

Example

<PolicyRequirementRule xsi:type="IssuerRegex" regex="^https://idp\.example\.org/.*$" />
Apply this rule if the IdP entityID starts with "https://idp.example.org/".