Rule

The <Rule> element defines a specific access control requirement.

Attributes

| Names | Type | Value | Description |
|---|---|---|---|
| require | string | | One of a set of predefined "aliases" shown here to the left, or the ID/alias of an attribute to examine. |
| | | valid-user | A rule that requires an authenticated session, but nothing else. |
| | | user | A rule based on the REMOTE_USER identity for the request. |
| | | authnContextClassRef | A rule based on the SAML authentication context class or method asserted by the IdP. |
| | | authnContextDeclRef | A rule based on the SAML authentication context declaration asserted by the IdP. |
| list | boolean | default true | Enables "list" processing on the element's content. If false, the element content is treated as a single value; otherwise, it's a space-delimited list of values. |

Element Content

The element's content consists of the data to use as input to the rule. Multiple values can be supplied in a space-separated list, making the rule an implicit <OR>.
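
The following Python model of the semantics described above is an added illustration, not Shibboleth's implementation. It shows how default list processing splits a value that contains a space, so the rule matches a different value than the one intended. The session dictionaries, the `department` attribute and exact string matching are assumptions.

```python
import xml.etree.ElementTree as ET

def rule_values(rule):
    """Return the rule's input values: space-delimited unless list is false."""
    text = (rule.text or "").strip()
    if rule.get("list", "true") in ("false", "0"):
        return [text] if text else []
    return text.split()

def evaluate(rule_xml, session):
    """Model one <Rule>; exact string comparison is an assumption of this sketch."""
    rule = ET.fromstring(rule_xml)
    require = rule.get("require")
    if session is None:          # no authenticated session, so no rule can pass
        return False
    if require == "valid-user":  # an authenticated session is all that is needed
        return True
    if require == "user":
        held = [session.get("REMOTE_USER")]
    elif require in ("authnContextClassRef", "authnContextDeclRef"):
        held = [session.get(require)]
    else:                        # anything else names an attribute ID/alias
        held = session.get("attributes", {}).get(require, [])
    wanted = rule_values(rule)   # several values act as an implicit OR
    return any(value in wanted for value in held if value)

# Constructed sessions (hypothetical users and attribute values).
OPS = {"REMOTE_USER": "alice@example.org",
       "attributes": {"department": ["Operations"]}}
FIN_OPS = {"REMOTE_USER": "bob@example.org",
           "attributes": {"department": ["Finance Operations"]}}

SPLIT = '<Rule require="department">Finance Operations</Rule>'
SINGLE = '<Rule require="department" list="false">Finance Operations</Rule>'

if __name__ == "__main__":
    for name, session in (("OPS", OPS), ("FIN_OPS", FIN_OPS)):
        print(name, "default list:", evaluate(SPLIT, session),
              "list=false:", evaluate(SINGLE, session))
```

With the default, the rule admits the "Operations" session and rejects "Finance Operations"; with `list="false"` the result is reversed, which is the intended match.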