Attribute filter policy conditional on existence of attribute?

Baron Fujimoto baron at
Fri Nov 18 18:20:52 UTC 2022

Using ValueRegex, this seems to work:

    <AttributeFilterPolicy id="example">
        <PolicyRequirementRule xsi:type="Requester"
                value="" />

        <AttributeRule attributeID="attrFoo">
            <PermitValueRule xsi:type="NOT">
               <Rule xsi:type="ValueRegex" attributeID="attrBar" regex="."

        <AttributeRule attributeID="uhAltUid">
            <PermitValueRule xsi:type="ANY" />


I originally also looked at using ValueRegex, but on the
ValueRegexConfiguration wiki page at <>,
this approach looks like the Compound Matcher example which is labeled as
deprecated, so that gave me pause and is why I settled on non-viable
NumberOfAttributeValues attempt. Is this not a deprecated Compound Matcher
as in that example?

On Fri, Nov 18, 2022 at 2:13 AM Rod Widdowson <rdw at>

> It turns out that right now if you do a ValueRegex PolicyRule and the
> attribute doesn't exist then the PolicyRule is false.  So
>         <PolicyRequirementRule xsi:type="ValueRegex" regex=".*"
> attributeID="attrfoo"/>
> Right now (and only right now), you are testing for the attribute having
> any (String) value and thus being present.
> However this behavior is not documented and may change in a future
> release.  In particular this area of code (how we deal with things not
> being there) is under active development so I'd defer strongly to Scott
> about this.
> Me, I'd not rely on this until I saw it documented.
>         /Rod
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at

Baron Fujimoto <baron at> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list