Page History

...

Code Block

	xml
	xml

<AttributeFilterPolicy id="releaseToRandSreleaseFullBundleToRandS">

  <PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonTargetedID">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surname">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

</AttributeFilterPolicy>

...

Code Block

	xml
	xml

<AttributeFilterPolicy id="releaseToRandSreleaseFullBundleToRandS">

  <PolicyRequirementRule xsi:type="basic:OR">
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://carmenwiki.osu.edu/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://filesender.internet2.edu/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://wikispaces.psu.edu/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://www.indianactsi.org" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://cilogon.org/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://cgca.phys.uwm.edu/shibboleth-sp" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://panther.gpolab.bbn.com/shibboleth" />
    <basic:Rule xsi:type="basic:AttributeRequesterString" value="https://ligo.org/ligovirgo/cbcnote/shibboleth-sp" />
    <!-- etc. -->
  </PolicyRequirementRule>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonTargetedID">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surname">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

</AttributeFilterPolicy>

You can of course modify either of the above <AttributeFilterPolicy> elements to release the a minimal subset of the R&S attribute bundle subject to policyas shown in the following section.

Release a Minimal Subset of the R&S Bundle to All R&S SPs

The following example for Shib IdP v2.3.4 (and higher) releases a minimal subset of the R&S attribute bundle to all R&S SPs:

Code Block

	xml
	xml


<AttributeFilterPolicy id="releaseMinimalBundleToRandS">

  <PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

  <!-- if your deployment of ePPN is non-reassigned, release of ePTID is OPTIONAL -->
  <AttributeRule attributeID="eduPersonTargetedID">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

  <!-- either displayName or (givenName and sn) is REQUIRED but all three are RECOMMENDED -->
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surname">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>

</AttributeFilterPolicy>

Note that the above policy may be trimmed further depending on your IdP's capabilities.

Release a Dynamic Subset of the R&S Bundle to All R&S SPs

...

Child pages

Versions Compared

Old Version 46

New Version 47

Key

Release a Minimal Subset of the R&S Bundle to All R&S SPs

Release a Dynamic Subset of the R&S Bundle to All R&S SPs

Child pages

Page History

Versions Compared

Old Version 46

New Version 47

Key

﻿﻿Release a Minimal Subset of the R&S Bundle to All R&S SPs

﻿﻿Release a Dynamic Subset of the R&S Bundle to All R&S SPs

Release a Minimal Subset of the R&S Bundle to All R&S SPs

Release a Dynamic Subset of the R&S Bundle to All R&S SPs