724a579695fb2fdeff0b74d2e204deb887828374
[java-idp.git] / resources / conf / attribute-filter.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <!-- 
4     This file is an EXAMPLE policy file.  While the policy presented in this 
5     example file is functional, it isn't very interesting.
6     
7     Deployers should refer to the Shibboleth 2 documentation for a complete list of components 
8     and their options.
9 -->
10
11 <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp"
12     xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
13     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
14     xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
15                         urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
16                         urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
17
18     <!-- Release the transient ID to anyone: the policy applies to every attribute requester and permits every value. Keep this ANY/ANY pattern for attributes that are safe to give to every requester; scope anything else with a requester rule, as the commented-out examples below do. -->
19     <AttributeFilterPolicy id="releaseTransientIdToAnyone">
20         <PolicyRequirementRule xsi:type="basic:ANY" /> <!-- basic:ANY here: the policy is active for any requester -->
21
22         <AttributeRule attributeID="transientId">
23             <PermitValueRule xsi:type="basic:ANY" /> <!-- basic:ANY here: no value of transientId is filtered out -->
24         </AttributeRule>
25
26     </AttributeFilterPolicy>
27
28
29     <!-- 
30         Release all values of eduPersonEntitlement, and only the permissible values of eduPersonAffiliation listed below,
31         to any SP that is a member of InCommon, the UK federation, or SWITCHaai
32     -->
33     <!--
34     <AttributeFilterPolicy>
35         <PolicyRequirementRule xsi:type="basic:OR">
36             <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
37             <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
38             <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:switch.ch:SWITCHaai" />
39         </PolicyRequirementRule>
40
41         <AttributeRule attributeID="entitlement">
42             <PermitValueRule xsi:type="basic:ANY" />
43         </AttributeRule>
44
45         <AttributeRule attributeID="affiliation">
46             <PermitValueRule xsi:type="basic:OR">
47                 <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" />
48                 <basic:Rule xsi:type="basic:AttributeValueString" value="student" />
49                 <basic:Rule xsi:type="basic:AttributeValueString" value="staff" />
50                 <basic:Rule xsi:type="basic:AttributeValueString" value="alum" />
51                 <basic:Rule xsi:type="basic:AttributeValueString" value="member" />
52                 <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" />
53                 <basic:Rule xsi:type="basic:AttributeValueString" value="employee" />
54             </PermitValueRule>
55         </AttributeRule>
56
57     </AttributeFilterPolicy>
58     -->
59
60     <!-- 
61         Release the given name of the user to our portal service provider
62     -->
63     <!--
64     <AttributeFilterPolicy>
65         <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:myPortal" />
66
67         <AttributeRule attributeID="givenName">
68             <PermitValueRule xsi:type="basic:ANY" />
69         </AttributeRule>
70     </AttributeFilterPolicy>
71     -->
72
73 </AttributeFilterPolicyGroup>