{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Namespace:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"urn:mace:shibboleth:2.0:afp","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"Schema: ","type":"text","marks":[{"type":"strong"}]},{"text":"http://shibboleth.net/schema/idp/shibboleth-afp.xsd","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/schema/idp/shibboleth-afp.xsd"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"An ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element describes one set of filtering behaviors. It consists of two parts:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" which describes ","type":"text"},{"text":"when","type":"text","marks":[{"type":"em"}]},{"text":" the rule should be applied.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"A series of ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" elements which describe ","type":"text"},{"text":"what","type":"text","marks":[{"type":"em"}]},{"text":" the rule does.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"In each of these elements, what happens is defined by the ","type":"text"},{"text":"xsi:type","type":"text","marks":[{"type":"code"}]},{"text":" of the element; that is, the elements are plug-in points and the type indicates what plugin is used.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"expand","attrs":{"title":"XML Elements"},"content":[{"type":"table","attrs":{"layout":"default","localId":"46a7fe61-06a0-4978-b2f1-78657fd9d8aa"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[232.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[139.0]},"content":[{"type":"paragraph","content":[{"text":"Cardinality","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[875.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[232.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631535"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[139.0]},"content":[{"type":"paragraph","content":[{"text":"1","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[875.0]},"content":[{"type":"paragraph","content":[{"text":"Describes the conditions under which the policy applies to a request","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[232.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631522"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[139.0]},"content":[{"type":"paragraph","content":[{"text":"1 or more","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[875.0]},"content":[{"type":"paragraph","content":[{"text":"Describes the precise rules to apply if the policy applies","type":"text"}]}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"anchor","parameters":{"macroParams":{"":{"value":"CommonRuleTypes"}},"macroMetadata":{"macroId":{"value":"cd64d54e-56c5-42b2-ad76-43b426da3b3b"},"schemaVersion":{"value":"1"},"title":"Anchor"}},"localId":"3b07102d-385b-4270-805d-cbf56ff9211c"}},{"text":"Rule Types","type":"text"}]},{"type":"paragraph","content":[{"text":"As described ","type":"text"},{"text":"elsewhere","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631517#AttributeFilterConfiguration-Semantics"}}]},{"text":", both ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" elements can leverage any supported plugin type, although it is more usual for the <","type":"text"},{"text":"PolicyRequirementRule>","type":"text","marks":[{"type":"code"}]},{"text":" to be a PolicyRule plugin and for an ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" to be a Matcher plugin (these terms are defined ","type":"text"},{"text":"here","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631517#AttributeFilterConfiguration-PolicyRulesAndMatchers"}}]},{"text":").","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"f2b701bd-cb42-4645-aa9b-8446bde7a76d"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"paragraph","content":[{"text":"RuleType","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule or Matcher","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631517#AttributeFilterConfiguration-PolicyRulesAndMatchers"}}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Function","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"type":"hardBreak"},{"text":"ANY","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Logically TRUE","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Set Unity","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"type":"hardBreak"},{"text":"AND","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631520"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Logical AND","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Set Intersection","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"type":"hardBreak"},{"text":"OR","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631534"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Logical OR","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Set Union","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":2,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"type":"hardBreak"},{"text":"NOT","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631532"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Logical NOT","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Set Inversion","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Profile","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/2927493146"}}]},{"text":" 4.2","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare the active profile identifier to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Predicate","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631536"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Call an externally-defined predicate","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Outbound","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Applies iff the system is filtering attributes that are being released to an external system (i.e., an SP). This is the \"traditional\" use of the filtering service.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Inbound","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Applies iff the system is filtering attributes that have been received from an external system (i.e, another IdP).","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Requester","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631542"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare the attribute recipient's name (typically an SP's entityID) to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ProxiedRequester","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631539"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare a proxied attribute recipient's name (typically an SP's entityID) to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Issuer","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631528"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare the attribute issuer's name (typically a proxied IdP's entityID) to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"PrincipalName","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631537"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare the principal name to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Value","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631547"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher, or PolicyRule if ","type":"text"},{"text":"attributeID","type":"text","marks":[{"type":"code"}]},{"text":" specified ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare attribute values to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Scope","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631544"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher, or PolicyRule if ","type":"text"},{"text":"attributeID","type":"text","marks":[{"type":"code"}]},{"text":" specified","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare the scope of a Scoped attribute value to a string","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"RequesterRegex","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631543"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match the attribute recipient's name (typically an SP's entityID) to a regular expression","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ProxiedRequesterRegex","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631540"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match a proxied attribute recipient's name (typically an SP's entityID) to a regular expression","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"IssuerRegex","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631529"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match the attribute issuer's name (typically a proxied IdP's entityID) to a regular expression","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"PrincipalNameRegex","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631538"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match the principal name to a regular expression","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ValueRegex","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631548"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher, or PolicyRule if ","type":"text"},{"text":"attributeID","type":"text","marks":[{"type":"code"}]},{"text":" specified","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match attribute values to a regular expression","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ScopeRegex","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631545"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher, or PolicyRule if ","type":"text"},{"text":"attributeID","type":"text","marks":[{"type":"code"}]},{"text":" specified","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match the scopes of scoped attribute values to a regular expression","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"Script","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631546"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Both","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Use a Java scripting language to implement a custom PolicyRule or Matcher","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"NumberOfAttributeValues","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631533"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Count the number of values for the specified Attribute","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"EntityAttributeExactMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631525"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Exact match against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension attributes (\"tags\") found in an attribute recipient's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"EntityAttributeRegexMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631526"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Regular expression match against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension attributes (\"tags\") found in an attribute recipient's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"IssuerEntityAttributeExactMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1280180789"}}]},{"text":" ","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Exact match against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension attributes (\"tags\") found in an attribute issuer's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"IssuerEntityAttributeRegexMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1280180783"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Regular expression match against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension attributes (\"tags\") found in an attribute issuer's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ProxiedRequesterEntityAttributeExactMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/2927558657"}}]},{"text":" ","type":"text"},{"text":"4.2","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Exact match against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension attributes (\"tags\") found in a proxied requester's SAML metadata. Exact semantics of a proxy in this sense depend on the profile/protocol in use.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ProxiedRequesterEntityAttributeRegexMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/2927493125"}}]},{"text":" ","type":"text"},{"text":"4.2","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Regular expression match against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension attributes (\"tags\") found in a proxied requester's SAML metadata. Exact semantics of a proxy in this sense depend on the profile/protocol in use.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"NameIDFormatExactMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631531"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element's inside the attribute recipient's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"IssuerNameIDFormatExactMatch","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1289683711"}}]},{"text":" ","type":"text"},{"text":"4.1","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Compare against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element's inside the attribute issuer's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"InEntityGroup","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631527"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Check the attribute recipient's SAML metadata for a matching ","type":"text"},{"text":" or ","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"IssuerInEntityGroup","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1280180768"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Check the attribute issuer's SAML metadata for a matching ","type":"text"},{"text":" or ","type":"text","marks":[{"type":"code"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ProxiedRequesterInEntityGroup","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/2927558685"}}]},{"text":" 4.2","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Check a proxied requester’s SAML metadata for a matching ","type":"text"},{"text":" or ","type":"text","marks":[{"type":"code"}]},{"text":". Exact semantics of a proxy in this sense depend on the profile/protocol in use.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"RegistrationAuthority","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631541"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match against the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension in an attribute recipient's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"IssuerRegistrationAuthority","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1280180773"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match against the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension in an attribute issuer's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ProxiedRequesterRegistrationAuthority","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/2927558699"}}]},{"text":" 4.2","type":"text","marks":[{"type":"subsup","attrs":{"type":"sup"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"PolicyRule","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match against the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" extension in a proxied requester’s SAML metadata. Exact semantics of a proxy in this sense depend on the profile/protocol in use.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"AttributeInMetadata","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631521"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match attribute values against ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" elements associated with an ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" in an attribute recipient's SAML metadata","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ScopeMatchesShibMDScope","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1272053894"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match the scopes of scoped attribute values against the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" metadata extension for the Issuer's ","type":"text"},{"text":"EntityDescriptor","type":"text","marks":[{"type":"code"}]},{"text":" or appropriate Role Descriptor.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[399.0]},"content":[{"type":"heading","attrs":{"level":4},"content":[{"text":"ValueMatchesShibMDScope","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1272053892"}}]},{"type":"hardBreak"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[206.0]},"content":[{"type":"paragraph","content":[{"text":"Matcher","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[732.0]},"content":[{"type":"paragraph","content":[{"text":"Match attribute values against the ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" metadata extension for the Issuer's ","type":"text"},{"text":"EntityDescriptor","type":"text","marks":[{"type":"code"}]},{"text":" or appropriate Role Descriptor.","type":"text"}]}]}]}]},{"type":"paragraph"}],"version":1}

Browser not supported