blob: 9f527fb94ccd417dcf643c53016741bd41349039 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
<?xml version="1.0" encoding="UTF-8"?>
<!--
This file is an EXAMPLE policy file. While the policy presented in this
example file is illustrative of some simple cases, it relies on the names of
non-existent example services and the example attributes demonstrated in the
default attribute-resolver.xml file.
Deployers should refer to the documentation for a complete list of components
and their options.
-->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
xmlns="urn:mace:shibboleth:2.0:afp"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
<!-- Release the transient ID to anyone -->
<AttributeFilterPolicy id="releaseTransientAndPermanentIdToAnyone">
<PolicyRequirementRule xsi:type="basic:ANY" />
<AttributeRule attributeID="transientId">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="persistentId">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonTargetedID">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
</AttributeFilterPolicy>
<!-- recommended initial attribute filter policy for swamid.se + same rule for edugain, incommon, uk and kalmar2 -->
<AttributeFilterPolicy id="releaseStandardAttributesToFederations">
<PolicyRequirementRule xsi:type="basic:OR">
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-1.0.xml" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://mds.swamid.se/md/swamid-2.0.xml" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="kalmarcentral2" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="edugain" />
</PolicyRequirementRule>
<AttributeRule attributeID="givenName">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="surname">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="displayName">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="commonName">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="email">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonEntitlement">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="mailLocalAddress">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="basic:OR">
<basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
</PermitValueRule>
</AttributeRule>
<AttributeRule attributeID="organizationName">
<PermitValueRule xsi:type="basic:ANY" />
</AttributeRule>
</AttributeFilterPolicy>
</AttributeFilterPolicyGroup>
|
