The Shibboleth IdP V4 software will leave support on September 1, 2024.

PrincipalNameConfiguration

Owned by Scott Cantor
Last updated: Nov 15, 2021
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The PrincipalName type describes a PolicyRule which returns true if the canonicalized principal used to identify the subject matches the supplied string. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication. When filtering data resolved for SAML AttributeQuery requests, the value is produced via NameIDConsumptionConfiguration.

Reference

Name

Type

Default

Description

Name

Type

Default

Description

value

String

 

Required, the string to match against

caseSensitive

Boolean

true

Optional, specifies how to perform the comparison

Example

Apply this rule if the principal is "hnelson":

<PolicyRequirementRule xsi:type="PrincipalName" value="hnelson" />