Example AAP for E-Auth apps.
authorcantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 15 Jun 2005 01:51:19 +0000 (01:51 +0000)
committercantor <cantor@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 15 Jun 2005 01:51:19 +0000 (01:51 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1624 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/conf/eauth-AAP.xml [new file with mode: 0644]

diff --git a/src/conf/eauth-AAP.xml b/src/conf/eauth-AAP.xml
new file mode 100644 (file)
index 0000000..0ac10c6
--- /dev/null
@@ -0,0 +1,44 @@
+<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:1.0 ../schemas/shibboleth.xsd">
+
+       <!--
+       This is a sample file containing rules for attributes defined by the US Federal govt
+       EAuthn specification.
+       -->
+
+       <!-- According to the spec, these three attributes are required. -->
+
+       <AttributeRule Name="CSid" Namespace="http://eauthentication.gsa.gov/federated/attribute">
+               <AnySite>
+                       <AnyValue/>
+               </AnySite>
+       </AttributeRule>
+
+       <AttributeRule Name="commonName" Namespace="http://eauthentication.gsa.gov/federated/attribute" Header="EAuth-CommonName">
+               <AnySite>
+                       <AnyValue/>
+               </AnySite>
+       </AttributeRule>
+
+       <AttributeRule Name="assuranceLevel" Namespace="http://eauthentication.gsa.gov/federated/attribute" Header="EAuth-Level">
+               <AnySite>
+                       <Value>1</Value>
+                       <Value>2</Value>
+                       <Value>3</Value>
+                       <Value>4</Value>
+                       <Value>Test</Value>
+               </AnySite>
+       </AttributeRule>
+
+       <!--
+       EAuth subjects are X.500 DN strings. The SAML NameIdentifier Format is used as a pseudo-attribute
+       Name to cause the subject value to be exported to a header, REMOTE_USER in this example.
+       -->
+       <AttributeRule Name="urn:oasis:names:tc:SAML:1.0:assertion#X509SubjectName" Header="REMOTE_USER">
+               <AnySite>
+                       <AnyValue/>
+               </AnySite>
+       </AttributeRule>
+       
+</AttributeAcceptancePolicy>
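Review bot: The `assuranceLevel` rule accepts `<Value>Test</Value>` next to levels 1–4 under `<AnySite>`, so a deployment that copies this sample would export `EAuth-Level: Test` to applications and would accept any level from every identity provider it trusts. The same `<AnySite>`/`<AnyValue/>` pairing feeds `REMOTE_USER` from the X.509 subject, so an application keying on that header presumably relies entirely on the SP's metadata trust to limit who can assert a given DN. I would add a comment above the rule such as `<!-- Sample only: drop the Test value and replace AnySite with SiteRule entries for the approved credential services before production use. -->`. Separately, `CSid` is described as required but is the only one of the three rules without a `Header` attribute; if it is meant to reach the application, a header name appears to be missing.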