Minor changes to default filter per Ian's suggestions
[java-idp.git] / resources / conf / attribute-filter.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <!-- 
4     This file is an EXAMPLE policy file.  While the policy presented in this example file is functional, it isn't
5     very interesting: the only active policy releases transientId to any requester; the other two are commented out.
6     
7     Deployers should refer to the Shibboleth 2 documentation for a complete list of components 
8     and their options.
9 -->
10
11 <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp"
12     xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic" xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
13     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
14     xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
15                         urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
16                         urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
17
18     <!-- Release the transient ID to any requester: the policy requirement and the value rule are both basic:ANY -->
19     <AttributeFilterPolicy id="releaseTransientIdToAnyone">
20         <PolicyRequirementRule xsi:type="basic:ANY" />
21
22         <AttributeRule attributeID="transientId">
23             <PermitValueRule xsi:type="basic:ANY" />
24         </AttributeRule>
25
26     </AttributeFilterPolicy>
27
28
29     <!-- 
30         Release the permissible values of eduPersonAffiliation (attributeID "affiliation") to any SP that is a member
31         of InCommon, UK federation, or SWITCHaai. No AttributeRule for eduPersonEntitlement is defined in this example.
32     -->
33     <!--
34     <AttributeFilterPolicy>
35         <PolicyRequirementRule xsi:type="basic:OR">
36             <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
37             <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
38             <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:switch.ch:SWITCHaai" />
39         </PolicyRequirementRule>
40
41         <AttributeRule attributeID="affiliation">
42             <PermitValueRule xsi:type="basic:OR">
43                 <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
44                 <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
45                 <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
46                 <basic:Rule xsi:type="basic:AttributeValueString" value="alumni" ignoreCase="true" />
47                 <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
48                 <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
49                 <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
50                 <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
51             </PermitValueRule>
52         </AttributeRule>
53
54     </AttributeFilterPolicy>
55     -->
56
57     <!-- 
58         Release the given name of the user to our portal service provider (urn:example.org:sp:myPortal is a placeholder)
59     -->
60     <!--
61     <AttributeFilterPolicy>
62         <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:myPortal" />
63
64         <AttributeRule attributeID="givenName">
65             <PermitValueRule xsi:type="basic:ANY" />
66         </AttributeRule>
67     </AttributeFilterPolicy>
68     -->
69
70 </AttributeFilterPolicyGroup>