{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Namespace: ","type":"text","marks":[{"type":"strong"}]},{"text":"urn:mace:shibboleth:2.0:afp","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"Schema:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"http://shibboleth.net/schema/idp/shibboleth-afp.xsd","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/schema/idp/shibboleth-afp.xsd"}}]}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"cbdd3ba5-8310-48e6-9214-b1b1dc4613c4"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"e025ace0-1ca2-437b-9f96-ec11293a8d86"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"OR","type":"text","marks":[{"type":"code"}]},{"text":" type is one of a very few filter plugin types which can function as a PolicyRule or a Matcher. It takes its behavior from its location. If it is defined within a <","type":"text"},{"text":"PolicyRequirementRule","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/IDP4/pages/1265631535"}}]},{"text":"> (either directly or as a child of other logical operations), then it acts as a PolicyRule, otherwise it acts as a Matcher.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"paragraph","content":[{"text":"At least one ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element must be present (these are interpreted as ","type":"text"},{"text":"either","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" or ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":"/","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" based on the context).","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"PolicyRule Semantics","type":"text"}]},{"type":"paragraph","content":[{"text":"When used as a PolicyRule, the result is the logical OR of the evaluation of the child rules.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Example","type":"text"}]},{"type":"paragraph","content":[{"text":"The example means that the rule is applied if:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The principal is jsmith ","type":"text"},{"text":"or","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The SP is named https://sp.example.org","type":"text"},{"text":" or","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"The SP is named https://sp2.example.org","type":"text"}]}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n \n \n \n","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Matcher Semantics","type":"text"}]},{"type":"paragraph","content":[{"text":"When used as a Matcher, the allow or deny set result is the union of all sets resulting from the child rules (that is, it is the set of items in the results of any of the child rules).","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Example","type":"text"}]},{"type":"paragraph","content":[{"text":"The example reads \"Release those values for the attribuite 'uid' which match either of the regular expressions (starting with jsmi or ending with th).\"","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n \n \n \n \n","type":"text"}]},{"type":"paragraph"}],"version":1}