1 files changed, 81 insertions, 0 deletions

diff --git a/template-config/attribute-filter.xml b/template-config/attribute-filter.xml
new file mode 100644
index 0000000..9f527fb
--- /dev/null
+++ b/template-config/attribute-filter.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    This file is an EXAMPLE policy file.  While the policy presented in this
+    example file is illustrative of some simple cases, it relies on the names of
+    non-existent example services and the example attributes demonstrated in the
+    default attribute-resolver.xml file.
+
+    Deployers should refer to the documentation for a complete list of components
+    and their options.
+-->
+<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
+        xmlns="urn:mace:shibboleth:2.0:afp"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
+
+        <!--  Release the transient ID to anyone -->
+        <AttributeFilterPolicy id="releaseTransientAndPermanentIdToAnyone">
+            <PolicyRequirementRule xsi:type="basic:ANY" />
+            <AttributeRule attributeID="transientId">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="persistentId">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="eduPersonTargetedID">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+        </AttributeFilterPolicy>
+
+        <!-- recommended initial attribute filter policy for swamid.se + same rule for edugain, incommon, uk and kalmar2 -->
+        <AttributeFilterPolicy id="releaseStandardAttributesToFederations">
+            <PolicyRequirementRule xsi:type="basic:OR">
+                <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
+                <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
+                <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-1.0.xml" />
+                <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://mds.swamid.se/md/swamid-2.0.xml" />
+                <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="kalmarcentral2" />
+                <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="edugain" />
+            </PolicyRequirementRule>
+            <AttributeRule attributeID="givenName">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="surname">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="displayName">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="commonName">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="eduPersonPrincipalName">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="email">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="eduPersonEntitlement">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="mailLocalAddress">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+            <AttributeRule attributeID="eduPersonScopedAffiliation">
+                <PermitValueRule xsi:type="basic:OR">
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="alum" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="member" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
+                    <basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
+                </PermitValueRule>
+            </AttributeRule>
+            <AttributeRule attributeID="organizationName">
+                <PermitValueRule xsi:type="basic:ANY" />
+            </AttributeRule>
+        </AttributeFilterPolicy>
+
+</AttributeFilterPolicyGroup>