ProxiedRequesterRegistrationAuthorityConfiguration

This feature requires V4.2 and above.

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The RegistrationAuthority type is a PolicyRule that returns true if a proxied requester is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority XML attribute value on the <mdrpi:RegistrationInfo> element (if any).

The notion of a “proxied requester” varies by profile/protocol/use case, and generally does not involve metadata. This rule can be applied in cases where metadata may be available (and is actually being accessed).

Reference

Name	Type	Required?	Description

Name	Type	Required?	Description
registrars	Whitespace-delimited list of URIs	Y	List of registrar IDs

Example

Apply this rule if the SP is a REFEDS Research & Scholarship service registered by MyFederation with the given registrar ID:

<PolicyRequirementRule xsi:type="AND">
  <Rule xsi:type="ProxiedRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <Rule xsi:type="ProxiedRequesterRegistrationAuthority" registrars="http://my.federation.org"/>
</PolicyRequirementRule>

Identity Provider 5

ProxiedRequesterRegistrationAuthorityConfiguration

Analytics

Overview

Reference

Example

Related content