...
Release a Fixed Subset of the R&S Bundle
For Shib IdPs v2.3.4 and higher
To release a fixed subset of the R&S bundle (or the complete bundle itself), configure a new <AttributeFilterPolicy>
element that refers to the R&S entity attribute. The following example releases a subset of the R&S bundle to all R&S SPs:
...
To release some other subset of the R&S bundle, simply customize the above example to match your policy. An IdP that fully supports R&S will release at least the minimal subset of the R&S attribute bundle.
For Shib IdPs prior to v2.3.4
Old versions of the Shib IdP don't support entity attributes so we provide an XSLT script that extracts the entity IDs of the R&S SPs. Run the script (InCommonRandSPolicy.xsl
) at the command line as follows:
HTML |
---|
<pre>
$ <b>curl --silent http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml \
| xsltproc InCommonRandSPolicy.xsl - \
| tidy -quiet -xml -indent -wrap 0</b>
</pre> |
The output will include a listing of the entity IDs of all R&S SPs found in the metadata file:
Code Block | ||||
---|---|---|---|---|
| ||||
<AttributeFilterPolicy id="releaseToRandS"> <PolicyRequirementRule xsi:type="basic:OR"> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://carmenwiki.osu.edu/shibboleth" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://filesender.internet2.edu/shibboleth" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://wikispaces.psu.edu/shibboleth" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.indianactsi.org" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://cilogon.org/shibboleth" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://cgca.phys.uwm.edu/shibboleth-sp" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://panther.gpolab.bbn.com/shibboleth" /> <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://ligo.org/ligovirgo/cbcnote/shibboleth-sp" /> <!-- etc. --> </PolicyRequirementRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="email"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> <AttributeRule attributeID="surName"> <PermitValueRule xsi:type="basic:ANY"/> </AttributeRule> </AttributeFilterPolicy> |
Release a Dynamic Subset of the R&S Bundle
...