The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
PrincipalNameRegexConfiguration
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The PrincipalNameRegex
type describes a PolicyRule which returns true if the canonicalized principal used to identify the user matches matches the supplied Pattern. See AuthenticationConfiguration for a discussion of principal name canonicalization during authentication. When filtering data resolved for SAML AttributeQuery requests, the value is produced via NameIDConsumptionConfiguration.
Reference
Example
Apply this rule if the principal starts with "hn":
<PolicyRequirementRule xsi:type="PrincipalNameRegex" regex="^hn.*$" />