ProxiedRequesterRegistrationAuthorityConfiguration
This feature requires V4.2 and above.
Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd
Overview
The RegistrationAuthority type is a PolicyRule that returns true if a proxied requester is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority XML attribute value on the <mdrpi:RegistrationInfo> element (if any).
The notion of a “proxied requester” varies by profile/protocol/use case, and generally does not involve metadata. This rule can be applied in cases where metadata may be available (and is actually being accessed).
Reference
Example
Apply this rule if the SP is a REFEDS Research & Scholarship service registered by MyFederation with the given registrar ID:
<PolicyRequirementRule xsi:type="AND">
    <Rule xsi:type="ProxiedRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <Rule xsi:type="ProxiedRequesterRegistrationAuthority" registrars="http://my.federation.org"/>
</PolicyRequirementRule>
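To audit which entities in a metadata file would satisfy the policy above, the following Python example mirrors its two checks over constructed sample metadata. It is added here and is not part of the Shibboleth documentation or IdP code. Assumptions: registrars is treated as a whitespace-separated list, values are compared by exact string equality, only the entity's own <md:Extensions> is inspected, and a missing <mdrpi:RegistrationInfo> counts as no match.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CAT = "http://macedir.org/entity-category"
RS = "http://refeds.org/category/research-and-scholarship"

def _entity(entity_id, registrar=None):
    # Constructed sample entity (hypothetical helper); each one carries the R&S category.
    rpi = f'<mdrpi:RegistrationInfo registrationAuthority="{registrar}"/>' if registrar else ""
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>{rpi}'
            f'<mdattr:EntityAttributes><saml:Attribute Name="{CAT}">'
            f'<saml:AttributeValue>{RS}</saml:AttributeValue></saml:Attribute>'
            f'</mdattr:EntityAttributes></md:Extensions></md:EntityDescriptor>')

XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
SAMPLE = (f"<md:EntitiesDescriptor {XMLNS}>"
          + _entity("https://sp1.example.org/sp", "http://my.federation.org")
          + _entity("https://sp2.example.org/sp", "http://other.federation.example")
          + _entity("https://sp3.example.org/sp")  # no RegistrationInfo at all
          + "</md:EntitiesDescriptor>")

def registrar_matches(entity, registrars):
    """True only if the entity's RegistrationInfo names one of the registrars."""
    info = entity.find("md:Extensions/mdrpi:RegistrationInfo", NS)
    if info is None:  # metadata is silent: assumed here to mean "no match"
        return False
    return info.get("registrationAuthority") in set(registrars.split())

def has_entity_attribute(entity, name, value):
    """True if the entity attribute `name` carries exactly `value`."""
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") != name:
            continue
        if any((v.text or "").strip() == value
               for v in attr.findall("saml:AttributeValue", NS)):
            return True
    return False

def rule_applies(metadata_xml, entity_id, registrars):
    # AND of both checks, as in the PolicyRequirementRule above; unknown entity: False.
    root = ET.fromstring(metadata_xml)
    entity = next((e for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")
                   if e.get("entityID") == entity_id), None)
    if entity is None:
        return False
    return has_entity_attribute(entity, CAT, RS) and registrar_matches(entity, registrars)
```

Because the comparison in this example is an exact string match, a registrar ID that differs only by a trailing slash does not match.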