-
Notifications
You must be signed in to change notification settings - Fork 7
oidcext:OIDCScope
Scott Cantor edited this page Feb 22, 2021
·
5 revisions
The OIDCScope type is a PolicyRule which returns true if any of the scope values in the authentication request matches a supplied string. The scope requested must be a scope registered to client metadata.
The type itself is defined within the org.geant.idpextension.oidc.attribute.filter, the schema for which can be located at https://github.com/CSCfi/shibboleth-idp-oidc-extension/blob/master/idp-oidc-extension-impl/src/main/resources/schema/idp-oidc-extension-afp.xsd. The reference project locates the schema from classpath:/schema/idp-oidc-extension-afp.xsd.
- value that is of type string. The attribute is required and is the string to match against.
Example reads "Apply this rule if the authentication request contains scope value mail".
<PolicyRequirementRule xsi:type="oidcext:OIDCScope" value="mail" />
(Migrated)