The Shibboleth IdP V4 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP5 wiki space for current documentation on the supported version.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Current »

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The ScopeRegex type matches attributes values against the supplied Pattern.

The ScopeRegex type can be a Matcher or a PolicyRequirement.

  • If no attributeID attribute is specified then it is a Matcher (returning the matching values present amongst the filtered attribute's values, and the empty set otherwise)

  • If an attributeID attribute is specified then it is a PolicyRule (returning true if a matching value is present amongst the values of the specified attribute).

Reference

Examples

Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu:

Simple Profile Policy
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>

Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list:

Simple Matcher
<AttributeRule attributeID="uid">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>

Apply this rule if any attribute contains a scope value whose scope ends .edu:

Compound PolicyRule (deprecated)
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>

If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email":

Compound Matcher (deprecated)
<AttributeRule attributeID="email">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
</AttributeRule>


  • No labels