The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
ProxiedRequesterConfiguration
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The ProxiedRequester
type is a PolicyRule which returns true if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name matches a supplied string. In SAML, this corresponds to an <AuthnRequest>
carrying a <Scoping>
element that includes a matching <RequesterID>
.
This rule allows trusted proxies to receive attributes if they are expected to deliver them to a specific relying party.
Reference
Example
The example reads "Apply this rule if a proxied system is named 'https://downstream.example.org'".
<PolicyRequirementRule xsi:type="ProxiedRequester" value="https://downstream.example.org" />