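<?xml version="1.0" encoding="UTF-8"?>

<!--
    This file is an EXAMPLE configuration file.  Deployers should NOT attempt to use this
    without modifying it for their environment.

    Deployers should refer to the Shibboleth 2 documentation for a complete list of components
    and their options.

    Reading guide: each AttributeFilterPolicy below pairs one PolicyRequirementRule (which
    requesters the policy applies to) with one or more AttributeRules (which attributes, and
    which of their values, are permitted).  This file decides what user data leaves the IdP,
    so review every basic:ANY before deployment: it matches without restriction at the level
    where it appears.
-->

<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                        urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd">

    <!--
        Release the transient ID to anyone.
        Both the requirement rule and the value rule are basic:ANY, so this policy has no
        requester restriction and no value restriction.
    -->
    <AttributeFilterPolicy id="releaseTransientIdToAnyone">
        <PolicyRequirementRule xsi:type="basic:ANY" />

        <AttributeRule attributeId="transientId">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

    </AttributeFilterPolicy>


    <!--
        Release eduPersonEntitlement and the permissible values of eduPersonAffiliation
        to any SP that is a member of InCommon, UK federation, or SWITCHaai.

        The id was added for consistency with the first policy, so that each policy can be
        named unambiguously when this file is reviewed.

        NOTE(review): the three xsi:type values on the group rules carry no prefix, so they
        resolve against the default namespace (urn:mace:shibboleth:2.0:afp) rather than the
        basic: namespace used by the other rules in this file.  Confirm that
        AttributeRequesterInEntityGroup is declared in that namespace for the IdP version in use.

        NOTE(review): entitlement values are released unfiltered (basic:ANY) to every member
        of the listed groups.  Confirm that is intended, or restrict the permitted values.
    -->
    <AttributeFilterPolicy id="releaseEntitlementAndAffiliationToFederations">
        <PolicyRequirementRule xsi:type="basic:OR">
            <basic:Rule xsi:type="AttributeRequesterInEntityGroup" groupId="urn:mace:incommon" />
            <basic:Rule xsi:type="AttributeRequesterInEntityGroup" groupId="http://ukfederation.org.uk" />
            <basic:Rule xsi:type="AttributeRequesterInEntityGroup" groupId="urn:mace:switch.ch:SWITCHaai" />
        </PolicyRequirementRule>

        <AttributeRule attributeId="entitlement">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <!--
            Allow-list of affiliation values.  Each entry is compared as a string against the
            attribute value, so a misspelt entry never matches and that affiliation is silently
            withheld.  "alum" and "affiliate" are the eduPersonAffiliation spellings; this
            example previously had "alumn" and "affliate".
        -->
        <AttributeRule attributeId="affiliation">
            <PermitValueRule xsi:type="basic:OR">
                <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="student" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="staff" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="alum" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="member" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" />
                <basic:Rule xsi:type="basic:AttributeValueString" value="employee" />
            </PermitValueRule>
        </AttributeRule>

    </AttributeFilterPolicy>

    <!--
        Release the given name of the user to our portal service provider.
        The requester value is an example.org placeholder and must be replaced with the
        identifier of the deployer's own service provider.  The id was added for consistency
        with the first policy.
    -->
    <AttributeFilterPolicy id="releaseGivenNameToPortal">
        <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:myPortal" />

        <AttributeRule attributeId="givenName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>
    </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>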