...
See also Attribute release, in our Shibboleth IDP v3 documentation.
...
Expand |
---|
title | Show example Shibboleth IDP IDPv3 policy for REFEDS R&S: |
---|
|
Code Block |
---|
| <AttributeFilterPolicy id="REFEDSResearchAndScholarship">
<!-- Attribute release policy for requesters in the REFEDS Research and
Scholarship entity category. The rules below apply to every requester whose
metadata carries the entity-category value matched here.
The category is read from the requester's metadata, so release is only as
trustworthy as the metadata source. NOTE(review): confirm this policy is only
evaluated against metadata that is signature-checked and comes from a
federation that vets the category.
The xsi prefix is presumably declared on the enclosing root element, which
is not shown in this fragment. -->
<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="http://refeds.org/category/research-and-scholarship"/>
<!-- RandS requires: An identifier, email and a person's name.
If ePPN values could be reassigned you MUST also release eduPersonTargetedID.
Always releasing ePTID is recommended, though, as is releasing givenName+sn
in addition to displayName, to help with interop. -->
<!-- Each rule below uses xsi:type="ANY", which permits every value of the
named attribute; no per-value filtering is applied in this policy.
The attributeID values have to match the ids used in the attribute resolver.
NOTE(review): "email" and "surname" look like local ids; verify them against
the resolver configuration, since a rule naming an undefined id releases
nothing. -->
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonTargetedID">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="email">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="displayName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="givenName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="surname">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<!-- Affiliation is optional but release is still "strongly recommended". -->
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy> |
|
...
Expand |
---|
title | Show example Shibboleth IDP IDPv3 policy for GEANT EU Code of Conduct: |
---|
|
Code Block |
---|
| <afp:AttributeFilterPolicy<AttributeFilterPolicy id="GeantEEADataProtectionCodeOfConduct">
<afp:PolicyRequirementRule<PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatchEntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1"/>
<!-- Release data to EU/EEA/Adequat CoCo-SPs, based on RequestedAttributes in SAML metadata -->
<afp:AttributeRule<AttributeRule attributeID="displayName">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="true"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="givenName">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="true"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="surname">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="true"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="email">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="true"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="eduPersonScopedAffiliation">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="true"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="eduPersonPrincipalName">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="true"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="eduPersonTargetedID">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="false"/>
</afp:AttributeRule>
<afp:AttributeRule<AttributeRule attributeID="schacHomeOrganization">
<afp:PermitValueRule<PermitValueRule xsi:type="saml:AttributeInMetadataMappedAttributeInMetadata" onlyIfRequired="false"/>
</afp:AttributeRule>
</afp:AttributeFilterPolicy> |
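Review bot: The closing tags in this policy still carry the `afp:` prefix (`</afp:AttributeRule>` after every rule and `</afp:AttributeFilterPolicy>` on the last line), while the opening tags appear to have been changed to the unprefixed form. This is read from the fused old/new text, so it is an inference, but if it holds the new sample is not well-formed XML and a parser would reject it. The closing tags should read `</AttributeRule>` and `</AttributeFilterPolicy>`. Separately, `eduPersonTargetedID` and `schacHomeOrganization` use `onlyIfRequired="false"`, unlike the other rules, so they are released when an SP merely lists them as requested. A short comment such as `<!-- released on request, not only when isRequired="true" -->` would make that deliberate choice visible to whoever copies the policy. The comment on the line after the requirement rule also has the typo "Adequat".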
|
See also IDP2 Attribute release, from our Shibboleth IDP 2.4 documentation section.