The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
ScopeConfiguration
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The Scope
type compares the scope portion of scoped attributes values against the supplied string.
The Scope
type can be a Matcher or a PolicyRequirement.
If no
attributeID
attribute is specified then it is a Matcher (returning that value if it is present amongst the filtered attribute's values' scopes, and the empty set otherwise).If an
attributeID
attribute is specified then it is a PolicyRule (returning true if that that is present amongst the values' scopes for the specified attribute).
Reference
Examples
Apply this rule if the attribute "epsa" contains a value with scope "example.org" :
Simple Profile Policy
<PolicyRequirementRule xsi:type="Scope" value="example.org" attributeID="epsa"/>
If any scoped value of the attribute "epsa" has the scope "example.org" then add it to the permitted values to be release for "uid":
Simple Matcher
<AttributeRule attributeID="epsa">
<PermitValueRule xsi:type="Scope" value="example.org" caseSentitive="false" />
</AttributeRule>
Apply this rule if any attribute contains a scoped value with scope "example.org":
Compound PolicyRule (deprecated)
<PolicyRequirementRule xsi:type="Scope" value="example.org"/>
If the attribute "epsa" contains a scoped value with scope "example.org" then release all values of "email":
Compound Matcher (deprecated)