idp/template-config/attribute-filter.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

<?xml version="1.0" encoding="UTF-8"?>
<!--
    This file is an EXAMPLE policy file.  While the policy presented in this
    example file is illustrative of some simple cases, it relies on the names of
    non-existent example services and the example attributes demonstrated in the
    default attribute-resolver.xml file.

    Deployers should refer to the documentation for a complete list of components
    and their options.
-->
<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

        <!-- Release some attributes to an SP. -->
        <!-- Note: requester seems to need the path /shibboleth to be included to match this! -->
        <AttributeFilterPolicy id="sp.nordu.dev">
            <PolicyRequirementRule xsi:type="Requester" value="https://sp.nordu.dev/shibboleth" />
            <!-- <PolicyRequirementRule xsi:type="ANY" /> -->
            <AttributeRule attributeID="eduPersonPrincipalName">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="uid">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="mail">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="givenName">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="surname">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="displayName">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="commonName">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="employeeType">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="email">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="eduPersonEntitlement">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>
            <AttributeRule attributeID="mailLocalAddress">
                <PermitValueRule xsi:type="ANY" />
            </AttributeRule>

        </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>