resources/conf/attribute-filter.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <!--
   4     This file is an EXAMPLE configuration file.  Deployers should NOT attempt to use this
   5     without modifying it for their environment.
   6
   7     Deployers should refer to the Shibboleth 2 documentation for a complete list of components
   8     and their options.
   9 -->
  10
  11 <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp"
  12     xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  13     xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
  14                         urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd ">
  15
  16     <!--  Release the transient ID to anyone -->
  17     <AttributeFilterPolicy id="releaseTransientIdToAnyone">
  18         <PolicyRequirementRule xsi:type="basic:ANY" />
  19
  20         <AttributeRule attributeId="transientId">
  21             <PermitValueRule xsi:type="basic:ANY" />
  22         </AttributeRule>
  23
  24     </AttributeFilterPolicy>
  25
  26
  27     <!--
  28         Release eduPersonEntitlement and the permissible values of eduPersonAffiliation
  29         to any SP that is a member of InCommon, UK federation, or SWITCHaai
  30     -->
  31     <AttributeFilterPolicy>
  32         <PolicyRequirementRule xsi:type="basic:OR">
  33             <basic:Rule xsi:type="AttributeRequesterInEntityGroup" groupId="urn:mace:incommon" />
  34             <basic:Rule xsi:type="AttributeRequesterInEntityGroup" groupId="http://ukfederation.org.uk" />
  35             <basic:Rule xsi:type="AttributeRequesterInEntityGroup" groupId="urn:mace:switch.ch:SWITCHaai" />
  36         </PolicyRequirementRule>
  37
  38         <AttributeRule attributeId="entitlement">
  39             <PermitValueRule xsi:type="basic:ANY" />
  40         </AttributeRule>
  41
  42         <AttributeRule attributeId="affiliation">
  43             <PermitValueRule xsi:type="basic:OR">
  44                 <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" />
  45                 <basic:Rule xsi:type="basic:AttributeValueString" value="student" />
  46                 <basic:Rule xsi:type="basic:AttributeValueString" value="staff" />
  47                 <basic:Rule xsi:type="basic:AttributeValueString" value="alumn" />
  48                 <basic:Rule xsi:type="basic:AttributeValueString" value="member" />
  49                 <basic:Rule xsi:type="basic:AttributeValueString" value="affliate" />
  50                 <basic:Rule xsi:type="basic:AttributeValueString" value="employee" />
  51             </PermitValueRule>
  52         </AttributeRule>
  53
  54     </AttributeFilterPolicy>
  55
  56     <!--
  57         Release the given name of the user to our portal service provider
  58     -->
  59     <AttributeFilterPolicy>
  60         <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:myPortal" />
  61
  62         <AttributeRule attributeId="givenName">
  63             <PermitValueRule xsi:type="basic:ANY" />
  64         </AttributeRule>
  65     </AttributeFilterPolicy>
  66
  67 </AttributeFilterPolicyGroup>