Documentation On shib-attr allowed regex?

Cantor, Scott cantor.2 at
Wed Aug 1 14:31:25 EDT 2018

On 8/1/18, 2:22 PM, "users on behalf of Bryan K. Walton" <users-bounces at on behalf of bwalton+1533146256 at> wrote:

> Can anybody point me to some documentation on what are the allowed
> regular expressions when setting up shib-attr to control authorization
> in Apache?

I just answered this the other day, there is none. I have no idea what Xerces supports so there is no answer. Avoiding exotic expressions is strongly advisable but yours aren't so my guess is you're not looking at the data you think. Hidden characters perhaps, who knows.

> We are working with an IdP that send multiple attributes, in a comma separated string.

That's a definite misuse of SAML.
-- Scott

More information about the users mailing list