/
IdPFilterRequirementAttributeRequesterInEntityGroup

The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

IdPFilterRequirementAttributeRequesterInEntityGroup

Apr 16, 2015

Attribute Requester in Entity Group Matching Rule

This matching rules evaluates to true if the attribute requester's metadata is within a given entity group. An entity group is defined as any named <EntitiesDescriptor> element, i.e. the Name XML-Attribute of an <EntitiesDescriptor> element.

This filter requires that the metadata for the attribute requester is loaded and available.

Define the Rule

This rule is defined by the element <PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup">, for policy requirements rules, and <PermitValueRule xsi:type="saml:AttributeRequesterInEntityGroup">, for permit value rules, with the following attributes:

  • groupID - the entity group to match
Example Policy Requirement Rule using the AttributeRequesterInEntityGroup Match Function
<PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:example.org" />