The <Rule> element defines a specific access control requirement.

Attributes

require (string)
- One of a set of predefined "aliases", or the ID/alias of an attribute to examine. The predefined aliases are:
  - valid-user
    - A rule that requires an authenticated session, but nothing else.
  - user
    - A rule based on the REMOTE_USER identity for the request.
  - authnContextClassRef
    - A rule based on the SAML authentication context class or method asserted by the IdP.
  - authnContextDeclRef
    - A rule based on the SAML authentication context declaration asserted by the IdP.

list (boolean) (defaults to true)
- Enables "list" processing on the element's content. If false, the element content is treated as a single value; otherwise, it's a space-delimited list of values.

Element Content

The element's content consists of the data to use as input to the rule. Multiple values can be supplied in a space-separated list, making the rule an implicit <OR>.