Rules examples

This page contains a few useful Perl expressions you can use in your Handler rules, SAML/OIDC/CAS security rules, 2FA Activation rules, etc.

Session attributes are visible in the Manager's Session browser, any attribute you see there can be used in a rule!

  • Restricting access to a single user:
$uid eq "dwho"
$uidNumber == 1000
$cn eq "Doctor Who"
$email eq ""
In Perl, eq means Equal and must be used on strings. == should be used only on numbers
  • Restricting access to specific groups
$groups =~ /\b(?:admins|su)\b/ # admins OR su
$groups =~ /\badmin_[1-3a]\b/ # admin_1 OR admin_2 OR admin_3 OR admin_a
  • Combining multiple expressions
inGroup('timelords') and not $uid eq 'missy'
  • Using Perl's regular expressions
$cn =~ /^Doctor.*/i
$email !~ /$/
  • Filtering on Authentication Level
$authenticationLevel >= 3
  • Filtering on Authentication method
$_auth ne 'Demo'
In Perl, ne means Not Equal and must be used on strings. \b means word Boundary. (?:) means non capturing parenthesis.
  • Comparing the IP address
$env->{REMOTE_ADDR} =~ /^10\./
  • Comparing requested URI
$env->{REQUEST_URI} =~ /test/