The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

ValueMatchesShibMDScope

Owned by Rod Widdowson
Last updated: Jul 28, 2021
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The ValueMatchesShibMDScope type is a Matcher which filters results based on <shibmd:Scope> elements contained in the <md:Extensions> element of the issuer's <md:EntityDescriptor> or <md:RoleDescriptor>.

The resulting set of attribute values will only contain:

  • String Attribute values

  • Values that match one of the values specified in a <shibmd:Scope> element within the issuer's <md:EntityDescriptor> or appropriate <md:RoleDescriptor>.

See ShibMetaExt V1.0 or https://wiki.oasis-open.org/security/SAMLSubjectIDAttr for more details on the metadata extension itself.

Example

<PermitValueRule xsi:type="ValueMatchesShibMDScope" />