Page tree
Skip to end of metadata
Go to start of metadata

Overview

The ScopeRegex (basic:AttributeScopeRegex prior to V3.2) type matches attributes values against the supplied Java Regular Expression.

Confusingly, the ScopeRegex type can be a Matcher or a PolicyRequirement.

  • If no attributeID attribute is specified then it is a Matcher (returning that value if it is present amongst the values, and the empty set otherwise)
  • If an attributeID attribute is specified then it is a PolicyRule (returning true if that that is present amongst the values for the specified attribute).

Schema Name

The ScopeRegex type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:AttributeScopeRegex type was defined in the urn:mace:shibboleth:shibboleth:2.0:afp:basic namespace, the schema for which can be found at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Attributes

Three attributes may be specified

NameTypeDefaultDescription
attributeID StringnoneIf this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches.
If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise.
regexPatternrequiredThe regular expression to match against

Child Elements

None

Examples

Simple Profile Policy
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>

Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu.

Simple Matcher
<AttributeRule attributeID="uid">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" />
</AttributeRule>

Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list.

Compound PolicyRule (deprecated)
<afp:PolicyRequirementRule xsi:type="AttributeScopeRegex" regex="^.*\.edu$"/>

Apply this rule if any attribute contains a scope value whose scope ends .edu

Compound Matcher (deprecated)
<AttributeRule attributeID="email">
   <PermitValueRule xsi:type="ScopeRegex" regex="^.*\.edu$" attributeID="EPSA"/>
</AttributeRule>

If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email" .

  • No labels