summaryrefslogtreecommitdiff
path: root/template-config/attribute-filter.xml
diff options
context:
space:
mode:
Diffstat (limited to 'template-config/attribute-filter.xml')
-rw-r--r--template-config/attribute-filter.xml122
1 files changed, 0 insertions, 122 deletions
diff --git a/template-config/attribute-filter.xml b/template-config/attribute-filter.xml
deleted file mode 100644
index f2aa5f7..0000000
--- a/template-config/attribute-filter.xml
+++ /dev/null
@@ -1,122 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE policy file. While the policy presented in this
- example file is illustrative of some simple cases, it relies on the names of
- non-existent example services and the example attributes demonstrated in the
- default attribute-resolver.xml file.
-
- Deployers should refer to the documentation for a complete list of components
- and their options.
--->
-<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
- xmlns="urn:mace:shibboleth:2.0:afp"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
-
- <!-- Release some attributes to an SP. -->
- <!-- Note: requester seems to need the path /shibboleth to be included to match this! -->
- <AttributeFilterPolicy id="sp.nordu.dev">
- <PolicyRequirementRule xsi:type="Requester" value="https://sp.nordu.dev/shibboleth" />
- <!-- <PolicyRequirementRule xsi:type="ANY" /> -->
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="uid">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mail">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="commonName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="employeeType">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonEntitlement">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mailLocalAddress">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
-
- </AttributeFilterPolicy>
-
- <!-- Release the transient ID to anyone -->
-<!-- <AttributeFilterPolicy id="releaseTransientAndPermanentIdToAnyone">
- <PolicyRequirementRule xsi:type="ANY" />
- <AttributeRule attributeID="transientId">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="persistentId">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonTargetedID">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
--->
- <!-- recommended initial attribute filter policy for swamid.se + same rule for edugain, incommon, uk and kalmar2 -->
-<!-- <AttributeFilterPolicy id="releaseStandardAttributesToFederations">
- <PolicyRequirementRule xsi:type="OR">
- <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
- <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
- <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-1.0.xml" />
- <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://mds.swamid.se/md/swamid-2.0.xml" />
- <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="kalmarcentral2" />
- <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="edugain" />
- </PolicyRequirementRule>
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="commonName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonEntitlement">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mailLocalAddress">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="OR">
- <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
- <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
- </PermitValueRule>
- </AttributeRule>
- <AttributeRule attributeID="organizationName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>-->
-
-</AttributeFilterPolicyGroup>
generated by cgit v1.1 at 2025-07-18 07:51:09 +0000