The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

RegistrationAuthorityConfiguration

Owned by trscavo@internet2.edu
Last updated: Nov 08, 2017 by Scott Cantor
1 min read

Overview

The RegistrationAuthority type is a PolicyRule that returns true if the entity is registered by a particular registrar or one of a set of registrars. Matching occurs against the RegistrationAuthority XML attribute value on the <mdrpi:RegistrationInfo> element (if any).

Schema Name

The RegistrationAuthority type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated saml:RegistrationAuthority type is defined in the urn:mace:shibboleth:2.0:afp:mf:saml namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-saml.xsd

Attributes

One attribute must be specified:

  • registrars
    •  A required attribute that specifies a space-separated list of registrar IDs

Child Elements

None

Example

Apply this rule if the SP is a REFEDS Research & Scholarship service registered by MyFederation with the given registrar ID:

<PolicyRequirementRule xsi:type="AND">
  <Rule xsi:type="EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <Rule xsi:type="RegistrationAuthority" registrars="http://my.federation.org"/>
</PolicyRequirementRule>