resources/conf/attribute-filter.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
   4                             xmlns="urn:mace:shibboleth:2.0:afp"
   5                             xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
   6                             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   7                             xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
   8                                                 urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd ">
   9
  10     <!--
  11           Releases to anyone:
  12             * any value of uid
  13             * only the member value of affiliation
  14     -->
  15     <AttributeFilterPolicy id="ReleaseToAnyone">
  16         <PolicyRequirementRule xsi:type="basic:ANY" />
  17
  18         <AttributeRule attributeID="uid">
  19             <PermitValueRule xsi:type="basic:ANY" />
  20         </AttributeRule>
  21
  22         <AttributeRule attributeID="affiliation">
  23             <PermitValueRule value="member"
  24                              xsi:type="basic:AttributeValueString"/>
  25         </AttributeRule>
  26
  27     </AttributeFilterPolicy>
  28
  29     <!--
  30           Releases to only SP 1:
  31             * any value of uid
  32             * scoped primary affiliation if the scope is the IdP 1 and the value is staff, faculty, or student
  33             * any value of affiliation
  34             * any value of full name
  35     -->
  36     <AttributeFilterPolicy id="ReleaseToSP1">
  37         <PolicyRequirementRule value="urn:example.org:myFederation:sp1"
  38                                xsi:type="basic:AttributeRequesterString" />
  39
  40         <AttributeRule attributeID="uid">
  41             <PermitValueRule xsi:type="basic:ANY" />
  42         </AttributeRule>
  43
  44         <AttributeRule attributeID="scopedPrimaryAffiliation">
  45             <PermitValueRule xsi:type="basic:AND">
  46                 <basic:Rule value="urn:example.org:myFederation:idp1"
  47                             xsi:type="AttributeScopeString" />
  48                 <basic:Rule xsi:type="basic:OR">
  49                     <basic:Rule value="staff"
  50                                 xsi:type="AttributeValueString" />
  51                     <basic:Rule value="faculty"
  52                                 xsi:type="AttributeValueString" />
  53                     <basic:Rule value="student"
  54                                 xsi:type="AttributeValueString" />
  55                 </basic:Rule>
  56             </PermitValueRule>
  57         </AttributeRule>
  58
  59         <AttributeRule attributeID="affiliation">
  60             <PermitValueRule xsi:type="basic:ANY" />
  61         </AttributeRule>
  62
  63         <AttributeRule attributeID="fullName">
  64             <PermitValueRule xsi:type="basic:ANY" />
  65         </AttributeRule>
  66
  67     </AttributeFilterPolicy>
  68
  69 </AttributeFilterPolicyGroup>