--- /dev/null
+<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:1.0 ../schemas/shibboleth.xsd">
+
+ <!--
+ This is a sample file containing rules for attributes defined by the US Federal govt
+ EAuthn specification.
+ -->
+
+ <!-- According to the spec, these three attributes are required. -->
+
+ <AttributeRule Name="CSid" Namespace="http://eauthentication.gsa.gov/federated/attribute">
+ <AnySite>
+ <AnyValue/>
+ </AnySite>
+ </AttributeRule>
+
+ <AttributeRule Name="commonName" Namespace="http://eauthentication.gsa.gov/federated/attribute" Header="EAuth-CommonName">
+ <AnySite>
+ <AnyValue/>
+ </AnySite>
+ </AttributeRule>
+
+ <AttributeRule Name="assuranceLevel" Namespace="http://eauthentication.gsa.gov/federated/attribute" Header="EAuth-Level">
+ <AnySite>
+ <Value>1</Value>
+ <Value>2</Value>
+ <Value>3</Value>
+ <Value>4</Value>
+ <Value>Test</Value>
+ </AnySite>
+ </AttributeRule>
+
+ <!--
+ EAuth subjects are X.500 DN strings. The SAML NameIdentifier Format is used as a pseudo-attribute
+ Name to cause the subject value to be exported to a header, REMOTE_USER in this example.
+ -->
+ <AttributeRule Name="urn:oasis:names:tc:SAML:1.0:assertion#X509SubjectName" Header="REMOTE_USER">
+ <AnySite>
+ <AnyValue/>
+ </AnySite>
+ </AttributeRule>
+
+</AttributeAcceptancePolicy>
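Review bot: The final rule exports the X509SubjectName subject to `REMOTE_USER` under `<AnySite><AnyValue/>`, so every issuer this SP trusts can assert any DN, and because `CSid` is the only one of the three required attributes without a `Header`, an application presumably cannot see which credential service vouched for that DN. I would give `CSid` a header, e.g. `Header="EAuth-CSid"` (name constructed here for illustration), so authorization decisions can bind the subject to its issuer. The `assuranceLevel` rule also accepts `Test` next to 1–4 from any site, which is risky if this sample is copied into a deployment where applications only check that the header is present. A comment above the rules such as `<!-- Sample only: AnySite accepts these values from every trusted issuer; narrow to SiteRule entries per credential service and remove the Test level before production use. -->` would make that explicit.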