diff options
| author | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-10 12:27:27 +0200 |
|---|---|---|
| committer | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-10 12:27:27 +0200 |
| commit | 4f85857c506729174013742149d69eca736fe2de (patch) | |
| tree | 9d44e4219a5e4bf15ae99bf249b2bc0e7911a4c5 /conf-from-container/conf/attribute-filter.xml | |
| parent | 52042bb9bab3e66c16921e682bafc45341ea4a00 (diff) | |
Messing up the thing
Diffstat (limited to 'conf-from-container/conf/attribute-filter.xml')
| -rw-r--r-- | conf-from-container/conf/attribute-filter.xml | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/conf-from-container/conf/attribute-filter.xml b/conf-from-container/conf/attribute-filter.xml new file mode 100644 index 0000000..f8c41ba --- /dev/null +++ b/conf-from-container/conf/attribute-filter.xml @@ -0,0 +1,45 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + This file is an EXAMPLE policy file. While the policy presented in this + example file is illustrative of some simple cases, it relies on the names of + non-existent example services and the example attributes demonstrated in the + default attribute-resolver.xml file. + + Deployers should refer to the documentation for a complete list of components + and their options. +--> +<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" + xmlns="urn:mace:shibboleth:2.0:afp" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> + + <!-- Release some attributes to an SP. --> + <AttributeFilterPolicy id="example1"> + <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" /> + + <AttributeRule attributeID="eduPersonPrincipalName"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + + <AttributeRule attributeID="uid"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + + <AttributeRule attributeID="mail"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + </AttributeFilterPolicy> + + <!-- Release eduPersonAffiliation to two specific SPs. --> + <AttributeFilterPolicy id="example2"> + <PolicyRequirementRule xsi:type="OR"> + <Rule xsi:type="Requester" value="https://sp.example.org" /> + <Rule xsi:type="Requester" value="https://another.example.org/shibboleth" /> + </PolicyRequirementRule> + + <AttributeRule attributeID="eduPersonScopedAffiliation"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + </AttributeFilterPolicy> + +</AttributeFilterPolicyGroup> |