The Shibboleth IdP V4 software will leave support on September 1, 2024.

ProxiedRequesterRegexConfiguration

Owned by Scott Cantor
Last updated: Nov 15, 2021
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The ProxiedRequesterRegex is a PolicyRule which returns true if the current profile request includes a signal that a downstream system is the actual intended recipient of the information and that recipient's name matches the supplied Pattern. In SAML, this corresponds to an <AuthnRequest> carrying a <Scoping> element that includes a matching <RequesterID>.

This rule allows trusted proxies to receive attributes if they are expected to deliver them to a matching relying party.

Reference

Name

Type

Default

Description

Name

Type

Default

Description

regex

Pattern

 

Required, the Java regular expression to match against

caseSensitive

boolean

true

Whether the comparison is case sensitive

Example

Apply this rule if a proxied SP's name begins with "https://downstream.example.org/":

<PolicyRequirementRule xsi:type="ProxiedRequesterRegex" regex="^https://downstream\.example\.org/.*$" />