Authenticating IDP Condition

The Authenticating IDP condition allows you to assign a role based on the identity provider that authenticated the current user. To use this condition, you must have set up a trusted relationship with more than one identity provider. See Section 2.8.3, Managing Trusted Providers.

The most common way to use this condition is when you have a service provider that has been configured to trust two identity providers and you want to assign a role based on which identity provider authenticated the user. To configure such a policy:

  • Set the Authenticating IDP field to [Current]

  • Set the Value field to Authenticating IDP

  • Select the name of an identity provider

For the condition to evaluate to True, the identity provider specified in the policy must be the one that the user selected for authentication.

Comparison: Specify how the Authenticating IDP value is compared to the data in Value. Select a string comparison or a regular expression:

  • Comparison: String: Specifies that you want the values compared as strings and how you want the string values compared. Select one of the following:

    • Equals: Indicates that the values must match, letter for letter.

    • Starts with: Indicates that the Authenticating IDP value must begin with the letters specified in Value.

    • Ends with: Indicates that the Authenticating IDP value must end with the letters specified in Value.

    • Contains Substring: Indicates that the Authenticating IDP value must contain the letters, in the same sequence, as specified in Value.

  • Comparison: Regular Expression: Matches: Specifies that you want the values compared as regular expressions.

Mode: Select the mode appropriate for the comparison type:

  • Comparison: String: Select Case Sensitive or Case Insensitive.

  • Comparison: Regular Expression: Matches: Select one or more of the following:

    • Canonical Equivalence
    • Case Insensitive
    • Comments
    • Dot All
    • Multi-Line
    • Unicode
    • Unix Lines

    For regular expression syntax information, see the Javadoc for java.util.regex.Pattern.

Value: Specify the value you want to compare with the Authenticating IDP value. If you select a static value for the Authenticating IDP value, select Authenticating IDP and Current. If you select Current for the Authenticating IDP value, select Authenticating IDP, then select the name of an identity provider.

Other value types are possible if you selected Current for the Authenticating IDP value. Your policy requirements determine whether they are useful.

Result on Condition Error: Specify what the condition returns when the comparison of the two values produces an error instead of a comparison result. Select either False or True. If you do not want the action applied when an error occurs, select False. If you want the action applied when an error occurs, select True.
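As an added example that is not part of the product documentation, the following Java model shows how the comparison types, the mode settings and Result on Condition Error described above combine when the condition is evaluated. It assumes the regular-expression modes map onto the java.util.regex.Pattern flags of the same names (Unicode taken as UNICODE_CASE), that Matches means a whole-string match, and that an invalid pattern is the error case resolved by Result on Condition Error; identifier names and the sample provider name are constructed.

```java
import java.util.EnumSet;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

// Constructed model of the Authenticating IDP condition; not product code.
public class AuthenticatingIdpCondition {
    enum StringOp { EQUALS, STARTS_WITH, ENDS_WITH, CONTAINS_SUBSTRING }

    // Regular-expression modes from the policy UI, mapped onto Pattern flags (assumed mapping).
    enum RegexMode {
        CANONICAL_EQUIVALENCE(Pattern.CANON_EQ), CASE_INSENSITIVE(Pattern.CASE_INSENSITIVE),
        COMMENTS(Pattern.COMMENTS), DOT_ALL(Pattern.DOTALL), MULTI_LINE(Pattern.MULTILINE),
        UNICODE(Pattern.UNICODE_CASE), UNIX_LINES(Pattern.UNIX_LINES);
        final int flag;
        RegexMode(int flag) { this.flag = flag; }
    }

    // Comparison: String. 'idp' is the provider that authenticated the user, 'value' the policy Value.
    static boolean compareString(String idp, String value, StringOp op, boolean caseSensitive) {
        String a = caseSensitive ? idp : idp.toLowerCase();
        String b = caseSensitive ? value : value.toLowerCase();
        switch (op) {
            case EQUALS:      return a.equals(b);
            case STARTS_WITH: return a.startsWith(b);
            case ENDS_WITH:   return a.endsWith(b);
            default:          return a.contains(b);
        }
    }

    // Comparison: Regular Expression: Matches. A pattern that fails to compile is a condition
    // error, so the configured Result on Condition Error is returned instead of a match result.
    static boolean compareRegex(String idp, String regex, EnumSet<RegexMode> modes, boolean resultOnError) {
        int flags = 0;
        for (RegexMode m : modes) flags |= m.flag;
        try {
            return Pattern.compile(regex, flags).matcher(idp).matches();
        } catch (PatternSyntaxException e) {
            return resultOnError;
        }
    }

    public static void main(String[] args) {
        String idp = "idp.example.com"; // constructed name of the authenticating provider
        System.out.println("Equals, case insensitive: " + compareString(idp, "IDP.EXAMPLE.COM", StringOp.EQUALS, false));
        System.out.println("Starts with, case sensitive: " + compareString(idp, "IDP.", StringOp.STARTS_WITH, true));
        System.out.println("Regex, no modes: " + compareRegex(idp, "idp\\..*", EnumSet.noneOf(RegexMode.class), false));
        System.out.println("Dot All needed across a line break: " + compareRegex("a\nb", "A.B", EnumSet.of(RegexMode.CASE_INSENSITIVE), false)
            + " -> " + compareRegex("a\nb", "A.B", EnumSet.of(RegexMode.CASE_INSENSITIVE, RegexMode.DOT_ALL), false));
        System.out.println("Invalid pattern, Result on Condition Error = False: " + compareRegex(idp, "idp[", EnumSet.noneOf(RegexMode.class), false));
    }
}
```

The last call shows why Result on Condition Error matters: a mistyped pattern never reaches the comparison, so the role is granted or withheld purely by that setting.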