The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
AttributeFilterLegacyNameSpaceMapping
- Rod Widdowson
- Scott Cantor
- trscavo@internet2.edu
In V3.2.0, the need for multiple XML namespaces in the filter policy syntax was removed. With the exception of some deprecated Matchers and Policy Rules, everything can now be expressed within the urn:mace:shibboleth:2.0:afp namespace. Many of the Matchers and Policy Rules preserve the same names (so, assuming the above namespace is the default in effect, xsi:type="basic:AND" becomes xsi:type="AND"), but some have been abbreviated.
The following table shows the appropriate mappings. See AttributeFilterPolicyConfiguration for the documentation.
The legacy types will be removed upon the release of V4.0.
The table's middle column assumes that the default XML namespace in the file is urn:mace:shibboleth:2.0:afp namespace; if not, then an appropriate prefix (likely "afp") would have to be used.
| Legacy Type | Current Type | Notes |
|---|---|---|
basic:AND | AND | |
basic:ANY | ANY | |
basic:AttributeIssuerRegex | IssuerRegex 3.4 | Was scheduled for deprecation as of V3.3 but is restored as of V3.4. |
basic:AttributeIssuerString | Issuer 3.4 | Was scheduled for deprecation as of V3.3 but is restored as of V3.4. |
basic:AttributeRequesterRegex | RequesterRegex | |
basic:AttributeRequesterString | Requester | |
basic:AttributeScopeRegex | ScopeRegex | |
basic:AttributeScopeString | Scope | |
basic:AttributeValueRegex | ValueRegex | |
basic:AttributeValueString | Value | |
basic:AuthenticationMethodRegex | AuthenticationMethodRegex | |
basic:AuthenticationMethodString | AuthenticationMethod | |
basic:NOT | NOT | |
basic:NumberOfAttributeValues | NumberOfAttributeValues | |
basic:OR | OR | |
basic:Predicate | Predicate | |
basic:PrincipalNameRegex | PrincipalNameRegex | |
basic:PrincipalNameString | PrincipalName | |
basic:Rule | Rule | |
basic:Script | Script | |
saml:AttributeInMetadata | AttributeInMetadata | |
saml:AttributeIssuerEntityAttributeExactMatch | Never supported in V3. Error issued. | |
saml:AttributeIssuerEntityAttributeRegexMatch | Never supported in V3. Error issued. | |
saml:AttributeIssuerInEntityGroup | Never supported in V3. Error issued. | |
saml:AttributeIssuerNameIDFormatExactMatch | Never supported in V3. Error issued. | |
saml:AttributeRequesterEntityAttributeExactMatchsaml:EntityAttributeExactMatch | EntityAttributeExactMatch | |
saml:AttributeRequesterEntityAttributeRegexMatchsaml:EntityAttributeRegexMatch | EntityAttributeRegexMatch | |
saml:AttributeRequesterInEntityGroupsaml:InEntityGroup | InEntityGroup | |
| NameIDFormatExactMatch | |
saml:MappedAttributeInMetadata | MappedAttributeInMetadata | |
saml:RegistrationAuthority | RegistrationAuthority |