The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
ScopeRegexConfiguration
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The ScopeRegex
type matches attributes values against the supplied Pattern.
The ScopeRegex
type can be a Matcher or a PolicyRequirement.
If no
attributeID
attribute is specified then it is a Matcher (returning the matching values present amongst the filtered attribute's values, and the empty set otherwise)If an
attributeID
attribute is specified then it is a PolicyRule (returning true if a matching value is present amongst the values of the specified attribute).
Reference
Examples
Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu:
Simple Profile Policy
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list:
Simple Matcher
<AttributeRule attributeID="uid">
<PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>
Apply this rule if any attribute contains a scope value whose scope ends .edu:
Compound PolicyRule (deprecated)
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>
If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email":
Compound Matcher (deprecated)