Diffstat (limited to 'template-config')
| -rw-r--r-- | template-config/attribute-filter.xml | 75 |
1 files changed, 56 insertions, 19 deletions
diff --git a/template-config/attribute-filter.xml b/template-config/attribute-filter.xml
index 9f527fb..2ba1d94 100644
--- a/template-config/attribute-filter.xml
+++ b/template-config/attribute-filter.xml
@@ -13,23 +13,60 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> + <!-- Release some attributes to an SP. --> + <AttributeFilterPolicy id="sp.nordu.dev"> + <!-- <PolicyRequirementRule xsi:type="Requester" value="https://sp.nordu.dev" />--> + <PolicyRequirementRule xsi:type="ANY" /> + <AttributeRule attributeID="eduPersonPrincipalName"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="uid"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="mail"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="givenName"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="surname"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="displayName"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="commonName"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="email"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="eduPersonEntitlement"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + <AttributeRule attributeID="mailLocalAddress"> + <PermitValueRule xsi:type="ANY" /> + </AttributeRule> + + </AttributeFilterPolicy> + <!-- Release the transient ID to anyone --> - <AttributeFilterPolicy id="releaseTransientAndPermanentIdToAnyone"> - <PolicyRequirementRule xsi:type="basic:ANY" /> +<!-- <AttributeFilterPolicy id="releaseTransientAndPermanentIdToAnyone"> + <PolicyRequirementRule xsi:type="ANY" /> <AttributeRule attributeID="transientId"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="persistentId"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule 
attributeID="eduPersonTargetedID"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> - +--> <!-- recommended initial attribute filter policy for swamid.se + same rule for edugain, incommon, uk and kalmar2 --> - <AttributeFilterPolicy id="releaseStandardAttributesToFederations"> - <PolicyRequirementRule xsi:type="basic:OR"> +<!-- <AttributeFilterPolicy id="releaseStandardAttributesToFederations"> + <PolicyRequirementRule xsi:type="OR"> <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" /> <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" /> <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://md.swamid.se/md/swamid-1.0.xml" /> 
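Review bot: The new `sp.nordu.dev` policy is gated by `<PolicyRequirementRule xsi:type="ANY" />` while the `Requester` rule for `https://sp.nordu.dev` is left commented out, so the ten attributes it lists (among them `eduPersonPrincipalName`, `uid`, `mail` and `eduPersonEntitlement`) are permitted for every requester the IdP answers, not just the SP named in the policy id and comment. Because this file is a template, that default would presumably be carried into deployments. Restoring `<PolicyRequirementRule xsi:type="Requester" value="https://sp.nordu.dev" />` keeps release tied to the named SP. The hunk also comments out `releaseTransientAndPermanentIdToAnyone` and `releaseStandardAttributesToFederations`, leaving the ANY-scoped policy as the only active one visible here; a comment saying why they are disabled, and whether that is meant to be temporary, would help whoever adapts the template.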
@@ -38,31 +75,31 @@ <basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="edugain" /> </PolicyRequirementRule> <AttributeRule attributeID="givenName"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="surname"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="displayName"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="commonName"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="email"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonEntitlement"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mailLocalAddress"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> - <PermitValueRule xsi:type="basic:OR"> + <PermitValueRule xsi:type="OR"> <basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" /> <basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" /> @@ -74,8 +111,8 @@ </PermitValueRule> </AttributeRule> <AttributeRule attributeID="organizationName"> - <PermitValueRule xsi:type="basic:ANY" /> + <PermitValueRule xsi:type="ANY" /> </AttributeRule> - </AttributeFilterPolicy> + </AttributeFilterPolicy>--> </AttributeFilterPolicyGroup> |
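Review bot: The `basic:` prefix is removed only from the outer rules, which leaves mixed forms such as `<PermitValueRule xsi:type="OR">` wrapping `<basic:Rule xsi:type="basic:AttributeValueString" ...>`, and, at the end of the first hunk, `<PolicyRequirementRule xsi:type="OR">` wrapping `<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" ...>`. The block is commented out, so it has no effect today, but it would probably not validate if re-enabled as written; whether the `basic:` and `saml:` prefixes are still declared on the root element cannot be seen from these hunks. Either convert the child rules as well, or mark the block with something like `<!-- disabled: child rules still use the legacy basic:/saml: types -->`, so that nobody uncomments it expecting a working federation policy.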
