...

  1. Always release the same set of attributes to every R&S SP.
  2. Release only those attributes that an SP requests via its metadata element.

Always Release the Same Set of Attributes

There is only one step:

Configure a new <AttributeFilterPolicy> element for R&S SPs. This example releases all of the R&S attributes; a campus should customize it as appropriate (e.g., by changing the attributeID values).

<AttributeFilterPolicy id="releaseToRandS">
  <PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://id.incommon.org/attribute/entity/category"
      attributeValue="research-and-scholarship"/>
  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="surName">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="basic:ANY" />
  </AttributeRule>
</AttributeFilterPolicy>

Release Only Those Attributes an SP Requests via Its Metadata Element

Shib IdP v2.3.4

The following configuration requires Shibboleth IdP v2.3.4 (released on October 27, 2011) or later, which fully supports using entity attributes in SP metadata as part of an attribute release filter policy. For IdPs prior to v2.3.4, InCommon provides a tool that can be run on a regular basis to convert InCommon metadata into an explicit <AttributeFilterPolicy> element for R&S SPs.
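The conversion described above can be sketched as follows; this is an added illustration, not InCommon's tool. It emits one explicit policy per R&S SP, limited to the R&S attributes that SP requests in its metadata. It assumes the metadata has already been signature-verified and that the OID-to-attributeID mapping matches the local resolver; the entityIDs are constructed.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

MD, SAML = "urn:oasis:names:tc:SAML:2.0:metadata", "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"md": MD, "saml": SAML, "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute"}
CATEGORY = "http://id.incommon.org/attribute/entity/category"
# Assumed mapping: SAML2 attribute Name -> the attributeID values used on this page.
BUNDLE = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
          "urn:oid:0.9.2342.19200300.100.1.3": "email", "urn:oid:2.5.4.4": "surName",
          "urn:oid:2.16.840.1.113730.3.1.241": "displayName", "urn:oid:2.5.4.42": "givenName",
          "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation"}
# Constructed sample: one R&S SP (also asks for telephoneNumber) and one untagged SP.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:saml="{SAML}" xmlns:mdattr="{NS['mdattr']}">
 <md:EntityDescriptor entityID="https://rs.example.org/sp"><md:Extensions><mdattr:EntityAttributes>
  <saml:Attribute Name="{CATEGORY}"><saml:AttributeValue>research-and-scholarship</saml:AttributeValue>
  </saml:Attribute></mdattr:EntityAttributes></md:Extensions>
  <md:SPSSODescriptor><md:AttributeConsumingService index="1">
   <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
   <md:RequestedAttribute Name="urn:oid:2.5.4.20"/>
  </md:AttributeConsumingService></md:SPSSODescriptor></md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://other.example.org/sp"><md:SPSSODescriptor>
  <md:AttributeConsumingService index="1"><md:RequestedAttribute Name="urn:oid:2.5.4.42"/>
  </md:AttributeConsumingService></md:SPSSODescriptor></md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def is_rs_sp(ent):
    """True only for an SP whose entity attributes carry the R&S category value."""
    vals = {(v.text or "").strip()
            for a in ent.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
            if a.get("Name") == CATEGORY for v in a.iterfind("saml:AttributeValue", NS)}
    return ent.find("md:SPSSODescriptor", NS) is not None and "research-and-scholarship" in vals

def requested_ids(ent):
    """attributeIDs the SP requests in its metadata, limited to the R&S bundle."""
    path = "md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute"
    names = {r.get("Name") for r in ent.iterfind(path, NS)}
    return sorted(aid for name, aid in BUNDLE.items() if name in names)

def build_policies(metadata_xml):
    """Map entityID -> explicit <AttributeFilterPolicy> text; non-R&S SPs get none."""
    out = {}
    for n, ent in enumerate(ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % MD)):
        ids = requested_ids(ent) if is_rs_sp(ent) else []
        rules = "".join(f'  <AttributeRule attributeID="{a}">\n    <PermitValueRule '
                        f'xsi:type="basic:ANY" />\n  </AttributeRule>\n' for a in ids)
        if ids:  # nothing requested from the bundle means nothing is released
            out[ent.get("entityID")] = (f'<AttributeFilterPolicy id="releaseToRandS-{n}">\n'
                f'  <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" '
                f'value={quoteattr(ent.get("entityID"))} />\n{rules}</AttributeFilterPolicy>')
    return out
```

Calling build_policies(SAMPLE) yields a policy only for the R&S-tagged SP, and the telephoneNumber request is dropped because it is outside the R&S bundle.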

...