Improve example configs
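<?xml version="1.0" encoding="UTF-8"?>

<!--
    Example attribute filter policy (resources/conf/attribute-filter.xml).

    Each AttributeFilterPolicy pairs one PolicyRequirementRule (when the policy
    applies) with AttributeRules (which attributes, and which of their values,
    may be released).

    Every match function used below (ANY, AND, OR, AttributeRequesterString,
    AttributeValueString, AttributeScopeString) is referenced through the
    "basic" prefix. An xsi:type value written without a prefix is resolved
    against the default namespace (urn:mace:shibboleth:2.0:afp) instead, so the
    prefix is required on every xsi:type, including those on nested basic:Rule
    elements.
-->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
                            xmlns="urn:mace:shibboleth:2.0:afp"
                            xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                            xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                                                urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd">

    <!--
          Releases to anyone:
            * any value of uid
            * only the member value of affiliation

          The basic:ANY requirement rule matches every requester, so whatever
          this policy permits is released to every relying party the IdP
          answers. Keep the attribute list here as small as possible; uid is a
          stable user identifier and is better released from requester-specific
          policies such as the one below.
    -->
    <AttributeFilterPolicy id="ReleaseToAnyone">
        <PolicyRequirementRule xsi:type="basic:ANY" />

        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <!-- Only the literal value "member" passes; other affiliation values are withheld. -->
        <AttributeRule attributeID="affiliation">
            <PermitValueRule value="member"
                             xsi:type="basic:AttributeValueString" />
        </AttributeRule>

    </AttributeFilterPolicy>

    <!--
          Releases only to SP 1:
            * any value of uid
            * scoped primary affiliation, if its scope is that of IdP 1 and its
              value is staff, faculty, or student
            * any value of affiliation
            * any value of full name
    -->
    <AttributeFilterPolicy id="ReleaseToSP1">
        <!-- Applies only when the requester is exactly this identifier. -->
        <PolicyRequirementRule value="urn:example.org:myFederation:sp1"
                               xsi:type="basic:AttributeRequesterString" />

        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <AttributeRule attributeID="scopedPrimaryAffiliation">
            <!-- A value is released only if the scope rule AND one of the OR'd value rules match. -->
            <PermitValueRule xsi:type="basic:AND">
                <!--
                      NOTE(review): the scope compared here is written as an
                      entity-style identifier; confirm it is the scope string the
                      attribute values actually carry.
                -->
                <basic:Rule value="urn:example.org:myFederation:idp1"
                            xsi:type="basic:AttributeScopeString" />
                <basic:Rule xsi:type="basic:OR">
                    <basic:Rule value="staff"
                                xsi:type="basic:AttributeValueString" />
                    <basic:Rule value="faculty"
                                xsi:type="basic:AttributeValueString" />
                    <basic:Rule value="student"
                                xsi:type="basic:AttributeValueString" />
                </basic:Rule>
            </PermitValueRule>
        </AttributeRule>

        <AttributeRule attributeID="affiliation">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

        <AttributeRule attributeID="fullName">
            <PermitValueRule xsi:type="basic:ANY" />
        </AttributeRule>

    </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>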