
Releasing Directory Information

It is straightforward to configure a Shibboleth IdP to release directory information to any SP:

<AttributeFilterPolicy id="releaseToAnyone">
  <PolicyRequirementRule xsi:type="basic:ANY"/>

  <AttributeRule attributeID="eduPersonPrincipalName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="email">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="displayName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="givenName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
  <AttributeRule attributeID="surName">
    <PermitValueRule xsi:type="basic:ANY"/>
  </AttributeRule>
</AttributeFilterPolicy>

To release some other set of directory information, simply customize the above example to match your policy.

To restrict attribute release to SPs in the InCommon Federation, replace the <PolicyRequirementRule> above with the following rule:

<PolicyRequirementRule
   xsi:type="saml:AttributeRequesterInEntityGroup"
   groupID="urn:mace:incommon"/>

Of course more complex policies are possible; these simple examples are meant to get you started in the right direction.
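
To review which policies in a filter file release to any SP and which are limited to an entity group, the two rule styles above can be audited with a short script. This is an added example, not part of the original page or of Shibboleth; the names `audit` and `SAMPLE` are hypothetical, and it assumes the Shibboleth IdP 2.x filter namespaces with prefixes declared once on a wrapping `AttributeFilterPolicyGroup`.

```python
import io
import xml.etree.ElementTree as ET

AFP = "{urn:mace:shibboleth:2.0:afp}"
BASIC_ANY = ("urn:mace:shibboleth:2.0:afp:mf:basic", "ANY")
IN_GROUP = ("urn:mace:shibboleth:2.0:afp:mf:saml", "AttributeRequesterInEntityGroup")
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: the page's two rule styles wrapped in a policy group.
SAMPLE = """<AttributeFilterPolicyGroup id="sample"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
    xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <AttributeFilterPolicy id="releaseToAnyone">
    <PolicyRequirementRule xsi:type="basic:ANY"/>
    <AttributeRule attributeID="eduPersonPrincipalName"><PermitValueRule xsi:type="basic:ANY"/></AttributeRule>
    <AttributeRule attributeID="email"><PermitValueRule xsi:type="basic:ANY"/></AttributeRule>
  </AttributeFilterPolicy>
  <AttributeFilterPolicy id="releaseToInCommon">
    <PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon"/>
    <AttributeRule attributeID="displayName"><PermitValueRule xsi:type="basic:ANY"/></AttributeRule>
  </AttributeFilterPolicy>
</AttributeFilterPolicyGroup>"""

def audit(xml_text):
    """Return [(policy id, release scope, [permitted attribute IDs])]."""
    # Assumption: each prefix is bound once, so a flat prefix map is enough.
    prefixes, root = {}, None
    events = ET.iterparse(io.BytesIO(xml_text.encode()), events=("start-ns", "start"))
    for event, item in events:
        if event == "start-ns":
            prefixes[item[0]] = item[1]   # prefix -> namespace URI
        elif root is None:
            root = item                   # first element; tree is complete after the loop
    report = []
    for policy in root.iter(AFP + "AttributeFilterPolicy"):
        rule = policy.find(AFP + "PolicyRequirementRule")
        xsi_type = rule.get(XSI_TYPE, "") if rule is not None else ""
        prefix, _, local = xsi_type.rpartition(":")
        kind = (prefixes.get(prefix), local)  # resolve the xsi:type QName by namespace
        scope = ("ANY" if kind == BASIC_ANY
                 else "group:" + rule.get("groupID", "") if kind == IN_GROUP
                 else "other:" + local)
        attrs = [r.get("attributeID") for r in policy.iter(AFP + "AttributeRule")
                 if r.find(AFP + "PermitValueRule") is not None]
        report.append((policy.get("id"), scope, attrs))
    return report
```

Policies whose scope comes back as `ANY` release the listed attributes to every requester and are the ones to check against your release policy first.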
