/
EntityAttributeExactMatchConfiguration

EntityAttributeExactMatchConfiguration

Owned by Scott Cantor
Last updated: Nov 14, 2023
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The EntityAttributeExactMatch type is a PolicyRule that returns true if the SAML metadata for the requester contains <mdattr:EntityAttribute> extension data matching the supplied parameterization.

Specifying the attributeNameFormat attribute in the rule will constrain the rule to match only against the underlying XML representation of the extension data. Omitting it will permit the rule to match against the data mapped from the XML via the AttributeRegistryConfiguration, which increases efficiency.

Reference

Name

Type

Required?

Default

Description

Name

Type

Required?

Default

Description

attributeName

String

Y

 

The SAML Attribute Name to match against

attributeValue

String

Y

 

The string value to match against

attributeNameFormat

URI

 

 

The SAML Attribute NameFormat to test against (if not specified, then matching is solely based on the Name)

ignoreUnmappedEntityAttributes

Boolean

 

false

When true, this constrains the rule to ignore the underlying XML and match solely against the data mapped via the AttributeRegistryConfiguration

Example

The above policy would match the tags in the metadata below:

<PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="urn:mace:example.org:policy" attributeValue="urn:mace:example.org:policy:ABCD1234" />

 

[...] <Extensions> <mdattr:EntityAttributes> <saml:Attribute Name="urn:mace:example.org:policy"> <saml:AttributeValue>urn:mace:example.org:policy:ABCD</saml:AttributeValue> <saml:AttributeValue>urn:mace:example.org:policy:ABCD1234</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="urn:mace:example.org:entitlements" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>urn:mace:example.org:entitlements:ABCD</saml:AttributeValue> <saml:AttributeValue>urn:mace:example.org:entitlements:1234</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes> </Extensions> [...]

 

Related content