IssuerNameIDFormatExactMatchConfiguration

Owned by Scott Cantor
Last updated: Nov 14, 2023
1 min read

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The IssuerNameIDFormatExactMatch type is a PolicyRule which returns true if the SAML metadata for an issuer indicates support for the configured <NameID> format.

Reference

Name

Type

Required?

Description

Name

Type

Required?

Description

nameIdFormat

URI

Y

The format to check for. Only exact matches against the <md:NameIDFormat> elements are made.

Example

<PolicyRequirementRule xsi:type="IssuerNameIDFormatExactMatch" nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />

This would match the following metadata excerpt:

<IDPSSODescriptor protocolSupportEnumeration="..."> [...] <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> [...] <IDPSSODescriptor>

Â