<Rule> element defines a specific access control requirement.
One of a set of predefined "aliases" shown here to the left, or the ID/alias of an attribute to examine.
A rule that requires an authenticated session, but nothing else.
A rule based on the REMOTE_USER identity for the request.
A rule based on the SAML authentication context class or method asserted by the IdP.
A rule based on the SAML authentication context declaration asserted by the IdP.
Enables "list" processing on the element's content. If false, the element content is treated as a single value; otherwise, it's a space-delimited list of values.
The element's content consists of the data to use as input to the rule. Multiple values can be supplied in a space-separated list, making the rule an implicit