The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.
IssuerRegistrationAuthorityConfiguration
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The IssuerRegistrationAuthority
type is a PolicyRule that returns true if the attribute issuer is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority
XML attribute value on the <mdrpi:RegistrationInfo>
element (if any).
Reference
XML Attributes
Name | Type | Required? | Description |
---|---|---|---|
registrars | Whitespace-delimited list of URIs | Y | List of registrar IDs |
Example
Apply this rule if the IdP is registered by MyFederation with the given registrar ID:
<PolicyRequirementRule xsi:type="IssuerRegistrationAuthority" registrars="http://my.federation.org"/>