ScopeRegexConfiguration

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The ScopeRegex type matches attributes values against the supplied Pattern.

The ScopeRegex type can be a Matcher or a PolicyRequirement.

If no attributeID attribute is specified then it is a Matcher (returning the matching values present amongst the filtered attribute's values, and the empty set otherwise)
If an attributeID attribute is specified then it is a PolicyRule (returning true if a matching value is present amongst the values of the specified attribute).

Name	Type	Default	Description

Name	Type	Default	Description
attributeID	String		If this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches. If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise.
regex	Pattern		The Java regular expression to match against
caseSensitive	boolean	true	Whether the comparison is case sensitive

Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu:

<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>

Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list:

<AttributeRule attributeID="uid">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>

Apply this rule if any attribute contains a scope value whose scope ends .edu:

<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>

If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email":