The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

EntityAttributeRegexMatchConfiguration

Owned by Scott Cantor
Last updated: Sept 29, 2021 by Rod Widdowson
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The EntityAttributeRegexMatch type is a PolicyRule that returns true if the SAML metadata for the requester contains <mdattr:EntityAttribute> extension data matching the supplied parameterization.

Specifying the attributeNameFormat attribute in the rule will constrain the rule to match only against the underlying XML representation of the extension data. Omitting it will permit the rule to match against the data mapped from the XML via the AttributeRegistryConfiguration, which increases efficiency.

Reference

XML Attributes

Name

Type

Required?

Default

Description

Name

Type

Required?

Default

Description

attributeName

String

Y

 

The SAML Attribute Name to match against

attributeValueRegex

Pattern

Y

 

The regular expression to match against

attributeNameFormat

URI

 

 

The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on the Name)

ignoreUnmappedEntityAttributes

Boolean

 

false

When true, this constrains the rule to ignore the underlying XML and match solely against the data mapped via the AttributeRegistryConfiguration

Example

The above policy would match the tags in the metadata below:

<PolicyRequirementRule xsi:type="EntityAttributeRegexMatch" attributeName="urn:example.org:policy" attributeValueRegex="^urn:mace:example\.org.*$" />



[...] <md:Extensions> <mdattr:EntityAttributes> <saml:Attribute Name="urn:mace:example.org:policy"> <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue> <saml:AttributeValue>urn:mace:example.org:policy:1234</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="urn:mace:example.org:entitlements" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue> <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes> </md:Extensions> [...]