basic:AttributeScopeRegex prior to V3.2) type matches attributes values against the supplied Java Regular Expression.
ScopeRegex type can be a Matcher or a PolicyRequirement.
- If no
attributeIDattribute is specified then it is a Matcher (returning that value if it is present amongst the values, and the empty set otherwise)
- If an
attributeIDattribute is specified then it is a PolicyRule (returning true if that that is present amongst the values for the specified attribute).
ScopeRegex type is defined in the
namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
basic:AttributeScopeRegex type was defined in the
urn:mace:shibboleth:shibboleth:2.0:afp:basic namespace, the schema for which can be found at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
Three attributes may be specified
|String||none||If this is present, then this is a PolicyRule returning true if the corresponding attribute exists and contains a value that matches.|
If this is not present, then this is a Matcher returning any value that matches, and the empty set otherwise.
|Pattern||required||The regular expression to match against|
Apply this rule if the attribute "EPSA" contains at least one scope value whose scope ends .edu.
Add any scoped values of the attribute "uid" with scope ending ".edu" to its permitted values list.
Apply this rule if any attribute contains a scope value whose scope ends .edu
If the attribute "epsa" contains any scoped which starts ends .edu then release all values of "email" .