Rule
- Rod Widdowson
- Scott Cantor
The <Rule> element defines a specific access control requirement.
Attributes
Names | Type | Value | Description |
|---|---|---|---|
require | string | One of a set of predefined "aliases" shown here to the left, or the ID/alias of an attribute to examine. | |
valid-user | A rule that requires an authenticated session, but nothing else. | ||
user | A rule based on the REMOTE_USER identity for the request. | ||
authnContextClassRef | A rule based on the SAML authentication context class or method asserted by the IdP. | ||
authnContextDeclRef | A rule based on the SAML authentication context declaration asserted by the IdP. | ||
list | boolean | default true | Enables "list" processing on the element's content. If false, the element content is treated as a single value; otherwise, it's a space-delimited list of values. |
Element Content
The element's content consists of the data to use as input to the rule. Multiple values can be supplied in a space-separated list, making the rule an implicit <OR>.