The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

NativeSPACRule

The <Rule> element defines a specific access control requirement.

Attributes

  • require (string)
    • One of a set of predefined "aliases", or the ID/alias of an attribute to examine. The predefined aliases are:
      • valid-user
        • A rule that requires an authenticated session, but nothing else.
      • user
        • A rule based on the REMOTE_USER identity for the request.
      • authnContextClassRef
        • A rule based on the SAML authentication context class or method asserted by the IdP.
      • authnContextDeclRef
        • A rule based on the SAML authentication context declaration asserted by the IdP.
  • list (boolean) (defaults to true)
    • Enables "list" processing on the element's content. If false, the element content is treated as a single value; otherwise, it's a space-delimited list of values.

Element Content

The element's content consists of the data to use as input to the rule. Multiple values can be supplied in a space-separated list, making the rule an implicit <OR>.
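
The following fragment is an added example, not part of the original documentation. It shows the list behavior described above, including the case where the default (list="true") widens a rule whose value contains a space. The enclosing <AccessControl> and <AND> elements, the attribute IDs "affiliation" and "group" (which depend on the deployment's attribute mappings), and all values are assumptions chosen for illustration.

```xml
<!-- Added example: access control policy fragment; values are constructed. -->
<AccessControl>
  <AND>
    <!-- list defaults to true: the content is two values, and a match on
         either one satisfies the rule (implicit OR). -->
    <Rule require="affiliation">staff@example.org faculty@example.org</Rule>

    <!-- Predefined alias: compared with the SAML authentication context
         class asserted by the IdP. -->
    <Rule require="authnContextClassRef">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</Rule>

    <!-- list="false": the content is one value, spaces included. -->
    <Rule require="group" list="false">Payroll Administrators</Rule>
  </AND>
</AccessControl>

<!-- Weak form of the last rule. With list left at its default, the content
     is split into "Payroll" and "Administrators", and a user holding either
     value alone satisfies the rule. -->
<Rule require="group">Payroll Administrators</Rule>
```

When reviewing a policy, check every <Rule> whose intended value contains a space and confirm it sets list="false".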