The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

PrincipalNameConfiguration

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The PrincipalName type describes a PolicyRule which returns true if the canonicalized principal used to identify the subject matches the supplied string. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication. When filtering data resolved for SAML AttributeQuery requests, the value is produced via NameIDConsumptionConfiguration.

Reference

Name

Type

Default

Description

Name

Type

Default

Description

value

String

 

Required, the string to match against

caseSensitive

Boolean

true

Optional, specifies how to perform the comparison

Example

Apply this rule if the principal is "hnelson":

<PolicyRequirementRule xsi:type="PrincipalName" value="hnelson" />