1 files changed, 56 insertions, 0 deletions

diff --git a/idp/template-config/attribute-filter.xml b/idp/template-config/attribute-filter.xml
new file mode 100644
index 0000000..4543e99
--- /dev/null
+++ b/idp/template-config/attribute-filter.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    This file is an EXAMPLE policy file.  While the policy presented in this
+    example file is illustrative of some simple cases, it relies on the names of
+    non-existent example services and the example attributes demonstrated in the
+    default attribute-resolver.xml file.
+
+    Deployers should refer to the documentation for a complete list of components
+    and their options.
+-->
+<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
+        xmlns="urn:mace:shibboleth:2.0:afp"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
+
+        <!-- Release some attributes to an SP. -->
+        <!-- Note: requester seems to need the path /shibboleth to be included to match this! -->
+        <AttributeFilterPolicy id="sp.nordu.dev">
+            <PolicyRequirementRule xsi:type="Requester" value="https://sp.nordu.dev/shibboleth" />
+            <!-- <PolicyRequirementRule xsi:type="ANY" /> -->
+            <AttributeRule attributeID="eduPersonPrincipalName">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="uid">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="mail">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="givenName">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="surname">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="displayName">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="commonName">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="employeeType">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="email">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="eduPersonEntitlement">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="mailLocalAddress">
+                <PermitValueRule xsi:type="ANY" />
+            </AttributeRule>
+
+        </AttributeFilterPolicy>
+</AttributeFilterPolicyGroup>