Releasing Directory Information
It is straightforward to configure a Shibboleth IdP to release directory information to any SP:
<AttributeFilterPolicy id="releaseToAnyone">
    <PolicyRequirementRule xsi:type="basic:ANY"/>
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="displayName">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="givenName">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
    <AttributeRule attributeID="surName">
        <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
</AttributeFilterPolicy>
To release some other set of directory information, customize the above example to match your release policy.
To restrict attribute release to SPs in the InCommon Federation, replace the <PolicyRequirementRule> above with the following rule:
<PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon"/>
Of course more complex policies are possible; these simple examples are meant to get you started in the right direction.
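As an added example (not part of this page or of the Shibboleth project), the following Python audits an IdP v2-style attribute-filter.xml and reports, per policy, whether it releases to any requester or only to an entity group such as urn:mace:incommon. The embedded policy file is constructed for the example, and the namespace URIs are assumed to match the IdP v2 afp schema.

```python
# Added example: audit a Shibboleth IdP v2-style attribute-filter.xml for
# attributes released to any requester. Not part of the IdP distribution.
import xml.etree.ElementTree as ET

AFP = "{urn:mace:shibboleth:2.0:afp}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample; namespace URIs assumed to follow the IdP v2 afp schema.
SAMPLE_FILTER = """<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseToAnyone">
    <PolicyRequirementRule xsi:type="basic:ANY"/>
    <AttributeRule attributeID="eduPersonPrincipalName">
      <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToInCommon">
    <PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup"
                           groupID="urn:mace:incommon"/>
    <AttributeRule attributeID="displayName">
      <PermitValueRule xsi:type="basic:ANY"/>
    </AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def describe_scope(rule):
    """Which SPs a PolicyRequirementRule matches; prefix-agnostic on xsi:type."""
    kind = rule.get(XSI_TYPE, "").split(":")[-1]
    if kind == "AttributeRequesterInEntityGroup":
        return "entity group " + rule.get("groupID", "?")
    return "any requester" if kind == "ANY" else (kind or "unknown")

def audit_filter_policies(xml_text):
    """Map each policy id to (requester scope, attributeIDs it permits)."""
    report = {}
    for policy in ET.fromstring(xml_text).iter(AFP + "AttributeFilterPolicy"):
        rule = policy.find(AFP + "PolicyRequirementRule")
        scope = describe_scope(rule) if rule is not None else "no rule"
        attrs = [a.get("attributeID") for a in policy.findall(AFP + "AttributeRule")]
        report[policy.get("id")] = (scope, attrs)
    return report

def released_to_anyone(xml_text):
    """Attribute IDs some policy hands to every SP: the set to review first."""
    return sorted({a for scope, attrs in audit_filter_policies(xml_text).values()
                   if scope == "any requester" for a in attrs})
```

Run it against a real attribute-filter.xml by passing the file contents to released_to_anyone; each attribute it lists is released regardless of which SP asks.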