attribute-rule

Syntax

attribute-rule ={+|-}<attribute>

Description

The rules which define the credential attributes which will be included in the credential viewer response. This entry may be repeated multiple times, once for each rule which is to be defined.

Each attribute in the credential will be matched against each rule in order until a match is found. The corresponding prefix (+|-) will then be used to control whether the attribute is included or excluded from the response. If no matching rule is found the attribute will be included in the response.

The configuration entry could alternatively contain the name of a single credential attribute whose value is used to define the attribute rules. In this scenario each individual rule in the attribute should be separated by a space character. If only a single attribute-rule configuration entry is defined, and the entry does not start with a '+' or '-' character, it will be used as the name of the credential attribute which contains the attribute rules.

Options

+

Indicates that the attribute should be included.

-

Indicates that the attribute should be excluded.

<attribute>

The name of the attribute to which this rule applies (the ‘*?’ pattern matching characters can be used), or the name of the attribute whose value contains the attribute rules.

Usage

This stanza entry is optional.

Default Value

None

Example

attribute-rule = -AUTHENTICATION_LEVEL
or
attribute-rule = FILTER_RULE