<Rule> element defines a specific access control requirement.
- One of a set of predefined "aliases", or the ID/alias of an attribute to examine. The predefined aliases are:
- A rule that requires an authenticated session, but nothing else.
- A rule based on the REMOTE_USER identity for the request.
- A rule based on the SAML authentication context class or method asserted by the IdP.
- A rule based on the SAML authentication context declaration asserted by the IdP.
list (boolean) (defaults to true)
- Enables "list" processing on the element's content. If false, the element content is treated as a single value; otherwise, it's a space-delimited list of values.
The element's content consists of the data to use as input to the rule. Multiple values can be supplied in a space-separated list, making the rule an implicit