The Shibboleth IdP V4 software will leave support on September 1, 2024.

IssuerRegistrationAuthorityConfiguration

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The IssuerRegistrationAuthority type is a PolicyRule that returns true if the attribute issuer is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority XML attribute value on the <mdrpi:RegistrationInfo> element (if any).

Reference

XML Attributes

Name

Type

Required?

Description

Name

Type

Required?

Description

registrars

Whitespace-delimited list of URIs

Y

List of registrar IDs

Example

Apply this rule if the IdP is registered by MyFederation with the given registrar ID:

<PolicyRequirementRule xsi:type="IssuerRegistrationAuthority" registrars="http://my.federation.org"/>