The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

NameIDFormatExactMatchConfiguration

Owned by Scott Cantor
Last updated: Nov 15, 2021
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The NameIDFormatExactMatch type is a PolicyRule which returns true if the SAML metadata for a requester indicates support for the configured <NameID> format.

Reference

XML Attributes

Name

Type

Required?

Description

Name

Type

Required?

Description

nameIdFormat

URI

Y

The format to check for. Only exact matches against the <md:NameIDFormat> elements are made.

Example

This would match the following metadata excerpt:

<PolicyRequirementRule xsi:type="NameIDFormatExactMatch" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />



<SPSSODescriptor protocolSupportEnumeration="..."> [...] <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> [...] <SPSSODescriptor>

Â