The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

IdPFilterRequirementAttributeIssuerEntityAttributeExactMatch

Owned by ChadC
Last updated: May 20, 2013 by trscavo@internet2.eduVersion comment
1 min read

Attribute Issuer Entity Attribute Exact Matching Rule

This matching rules evaluates to true if the attribute issuer's metadata contains an Entity Attribute with a given value (since v2.3.4).

This filter requires that the metadata for the attribute issuer is loaded and available.
This filter only operates on Attribute elements within the EntityAttributes, it does not use any Assertion elements.

Define the Rule

This rule is defined by the element <PolicyRequirementRule xsi:type="saml:AttributeIssuerEntityAttributeExactMatch">, for policy requirements rules, and <PermitValueRule xsi:type="saml:AttributeIssuerEntityAttributeExactMatch">, for permit value rules, with the following required attributes:

  • attributeName - the name of the entity attribute
  • attributeValue - the value the entity attribute must have

This rule also supports the following optional attribute:

  • attributeNameFormat - the name format the entity attribute must have; otherwise any format is accepted
Example Policy Requirement Rule using the AttributeIssuerEntityAttributeExactMatch Match Function
<PolicyRequirementRule xsi:type="saml:AttributeIssuerEntityAttributeExactMatch" 
                       attributeName="urn:example.org:policy"
                       attributeValue="urn:example.org:policy:ABCD1234" />