<?xml version="1.0" encoding="UTF-8"?>

<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
        xmlns="urn:mace:shibboleth:2.0:afp"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

	<!-- GEANTREFEDS DataAnonymous protectionAuthorization CodeEntity ofCategory Conduct -->
	<AttributeFilterPolicy id="releaseToCoCoreleaseToRefedsAnonymous">
        <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
                attributeName="http://macedir.org/entity-category"
                attributeValue="httphttps://wwwrefeds.geant.netorg/uri/dataprotection-code-of-conduct/v1category/anonymous" />
        		<AttributeRule attributeID="eduPersonTargetedIDeduPersonScopedAffiliation">
                			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" ANY"/>
        		</AttributeRule>
        		<AttributeRule attributeID="eduPersonPrincipalNameschacHomeOrganization">
                			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        ANY"/>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- REFEDS Pseudonymous Authorization Entity Category   <AttributeRule attributeID-->
	<AttributeFilterPolicy id="eduPersonOrcidreleaseToRefedsPseudonymous">
                <PermitValueRule <PolicyRequirementRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />EntityAttributeExactMatch"
        </AttributeRule>attributeName="http://macedir.org/entity-category"
        attributeValue="https://refeds.org/category/pseudonymous" />
		<AttributeRule attributeID="norEduPersonNINsamlPairwiseID">
                			<PermitValueRule xsi:type="ANDANY"/>
		</AttributeRule>
                        <Rule 		<AttributeRule attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
                        <Rule ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="schacHomeOrganization">
			<PermitValueRule xsi:type="ANY"/>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurance">
			<PermitValueRule xsi:type="RegistrationAuthorityANY" registrars="http://www.swamid.se/" />
                </PermitValueRule>
        </AttributeRule>
        <AttributeRule attributeID="personalIdentityNumber">
                <PermitValueRule />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- REFEDS Personalized Access Entity Category	-->
	<AttributeFilterPolicy id="releaseToRefedsPersonalized">
		<PolicyRequirementRule xsi:type="ANDEntityAttributeExactMatch">
                        <Rule 
			attributeName="http://macedir.org/entity-category"
			attributeValue="https://refeds.org/category/personalized" />
		<AttributeRule attributeID="samlSubjectID">
			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
                        <Rule		</AttributeRule>
		<AttributeRule attributeID="displayName">
			<PermitValueRule xsi:type="RegistrationAuthorityANY" registrars="http://www.swamid.se/" />
                </PermitValueRule>
        </AttributeRule>
        />
		</AttributeRule>
		<AttributeRule attributeID="givenName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="schacDateOfBirthsn">
                			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
        />
		</AttributeRule>
        		<AttributeRule attributeID="mail">
                			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
        		</AttributeRule>
        		<AttributeRule attributeID="cneduPersonAssurance">
                			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="trueANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="displayNameschacHomeOrganization">
                			<PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" />
        />
		</AttributeRule>
        		<AttributeRule attributeID="givenNameeduPersonScopedAffiliation">
			<PermitValueRule                <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="truexsi:type="OR">
				<Rule xsi:type="Value" value="faculty" caseSensitive="false" />
				<Rule xsi:type="Value"       </AttributeRule>
        <AttributeRule attributeID="sn">
                <PermitValueRule value="student" caseSensitive="false"/>
				<Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truestaff" caseSensitive="false"/>
				<Rule xsi:type="Value"       </AttributeRule>
        <AttributeRule attributeID="eduPersonAssurance">
                <PermitValueRule value="alum" caseSensitive="false"/>
				<Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truemember" caseSensitive="false"/>
				<Rule xsi:type="Value"       </AttributeRule>
        <AttributeRule attributeID="eduPersonScopedAffiliation">
                <PermitValueRule value="affiliate" caseSensitive="false"/>
				<Rule xsi:type="ANDValue">
                        value="employee" caseSensitive="false"/>
				<Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truelibrary-walk-in" caseSensitive="false"/>
			</PermitValueRule>
		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category -->
	<AttributeFilterPolicy id="releaseToCodeOfConduct">
       <Rule<PolicyRequirementRule xsi:type="OR">
                                			<Rule xsi:type="Value" value="faculty" ignoreCase="trueEntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
                                <Rule xsi:type="Value" value="student" ignoreCase="trueEntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="https://refeds.org/category/code-of-conduct/v2" />
    </PolicyRequirementRule>
		<AttributeRule attributeID="eduPersonTargetedID">
			<PermitValueRule                           <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonPrincipalName">
			<PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="staff" ignoreCase="true" />
                                <Rule 		</AttributeRule>
		<AttributeRule attributeID="eduPersonOrcid">
			<PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="alumtrue" ignoreCase/>
		</AttributeRule>
		<AttributeRule attributeID="truenorEduPersonNIN" />
                                			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="Valuetrue" value/>
				<Rule xsi:type="memberRegistrationAuthority" ignoreCaseregistrars="truehttp://www.swamid.se/" />
                                <Rule 			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="personalIdentityNumber">
			<PermitValueRule xsi:type="Value" value="affiliate" ignoreCaseAND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
                                				<Rule xsi:type="ValueRegistrationAuthority" valueregistrars="employeehttp://www.swamid.se/" ignoreCase="true" />
                                <Rule 			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="schacDateOfBirth">
			<PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="library-walk-in" ignoreCase="true" />
                        </Rule>
                </PermitValueRule>
        </AttributeRule>
        <AttributeRule attributeID="eduPersonAffiliation">
                true" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="cn">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="displayName">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        		</AttributeRule>
        		<AttributeRule attributeID="ogivenName">
                			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        		</AttributeRule>
        		<AttributeRule attributeID="norEduOrgAcronymsn">
                			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        		</AttributeRule>
        		<AttributeRule attributeID="ceduPersonAssurance">
                			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        		</AttributeRule>
        		<AttributeRule attributeID="coeduPersonScopedAffiliation">
                <PermitValueRule 			<PermitValueRule xsi:type="AND">
				<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
        </AttributeRule>
        <AttributeRule attributeID="schacHomeOrganization">
                <PermitValueRule 				<Rule xsi:type="OR">
					<Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="true" />
        </AttributeRule>
        <AttributeRule attributeID="schacHomeOrganizationType">
                <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="truefaculty" caseSensitive="false" />
					<Rule xsi:type="Value" value="student" caseSensitive="false" />
        </AttributeRule>
</AttributeFilterPolicy>

<!-- REFEDS Research and Schoolarship -->
<AttributeFilterPolicy id="releaseToRandS">
        <PolicyRequirementRule 					<Rule xsi:type="Value" value="staff" caseSensitive="false" />
					<Rule xsi:type="EntityAttributeExactMatchValue"
 value="alum" caseSensitive="false" />
					<Rule xsi:type="Value" value="member" caseSensitive="false" />
					<Rule xsi:type="Value"        attributeName="http://macedir.org/entity-category"
                attributeValue="http://refeds.org/category/research-and-scholarship" />
<!-- Alternative configuration examples for ePTID. See the static variables section of the attribute resolver.
        <AttributeRule attributeID="eduPersonTargetedID">
                value="affiliate" caseSensitive="false" />
					<Rule xsi:type="Value" value="employee" caseSensitive="false" />
					<Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" />
				</Rule>
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAffiliation">
			<PermitValueRule xsi:type="NOT">
                        <Rule "AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="o">
			<PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="https://refeds.org/assurance/ID/eppn-unique-no-reassign"true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancenorEduOrgAcronym" />
			<PermitValueRule xsi:type="AttributeInMetadata"               </PermitValueRule>
        </AttributeRule>
-->
<!--
        onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="c">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonTargetedIDco">
                			<PermitValueRule xsi:type="ANYAttributeInMetadata" onlyIfRequired="true" />
        		</AttributeRule>
-->
        		<AttributeRule attributeID="displayNameschacHomeOrganization">
                			<PermitValueRule xsi:type="ANYAttributeInMetadata" onlyIfRequired="true" />
        		</AttributeRule>
        <AttributeRule attributeID="givenName">
                		<AttributeRule attributeID="schacHomeOrganizationType">
			<PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="ANYtrue" />
        		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- REFEDS Research and Scholarship Entity Category  <AttributeRule attributeID-->
	<AttributeFilterPolicy id="snreleaseToRefedsResearchAndScholarship">
                <PermitValueRule 		<PolicyRequirementRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="mail">
                EntityAttributeExactMatch"
			attributeName="http://macedir.org/entity-category"
			attributeValue="http://refeds.org/category/research-and-scholarship" />
		<AttributeRule attributeID="eduPersonTargetedID">
			<PermitValueRule xsi:type="ANYNOT" />
				<Rule        </AttributeRule>
        xsi:type="Value" value="https://refeds.org/assurance/ID/eppn-unique-no-reassign" attributeID="eduPersonAssurance" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurancedisplayName">
                			<PermitValueRule xsi:type="ANY" />
        <		</AttributeRule>
        		<AttributeRule attributeID="eduPersonPrincipalNamegivenName">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="eduPersonScopedAffiliationsn">
			<PermitValueRule                <PermitValueRule xsi:type="OR">
                        <Rule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<PermitValueRule xsi:type="Value" value="facultyANY" ignoreCase="true" />
                        <Rule		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurance">
			<PermitValueRule xsi:type="ValueANY" value/>
		</AttributeRule>
		<AttributeRule attributeID="student" ignoreCase="trueeduPersonPrincipalName">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule                        attributeID="eduPersonScopedAffiliation">
			<PermitValueRule xsi:type="OR">
				<Rule xsi:type="Value" value="stafffaculty" ignoreCasecaseSensitive="truefalse" />
				<Rule                        xsi:type="Value" value="student" caseSensitive="false" />
				<Rule xsi:type="Value" value="alumstaff" ignoreCasecaseSensitive="truefalse" />
                        				<Rule xsi:type="Value" value="memberalum" ignoreCasecaseSensitive="truefalse" />
                        				<Rule xsi:type="Value" value="affiliatemember" ignoreCasecaseSensitive="truefalse" />
                        				<Rule xsi:type="Value" value="employeeaffiliate" ignoreCasecaseSensitive="truefalse" />
				<Rule xsi:type="Value" value="employee"                      caseSensitive="false" />
				<Rule xsi:type="Value" value="library-walk-in" ignoreCasecaseSensitive="truefalse" />
                 
			</PermitValueRule>
        <		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- ESI European Student Identifier -->
	<AttributeFilterPolicy id="entity-category-european-student-identifier">
        		<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
                			attributeName="http://macedir.org/entity-category"
                			attributeValue="https://myacademicid.org/entity-categories/esi" />
        		<AttributeRule attributeID="schacPersonalUniqueCode">
                <PermitValueRule xsi:			<PermitValueRule xsi:type="ValueRegex" regex="^urn:schac:personalUniqueCode:int:esi:.*" />
        		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- DEPRECATED entity-category-swamid-research-and-education WILL BE REMOVED 2020-10-31 -->
	<AttributeFilterPolicy id="entity-category-research-and-education">
        		<PolicyRequirementRule xsi:type="AND">
                			<Rule xsi:type="OR">
                        				<Rule xsi:type="EntityAttributeExactMatch"
                                					attributeName="http://macedir.org/entity-category"
                                attributeValue					attributeValue="http://www.swamid.se/category/eu-adequate-protection" />
                        				<Rule xsi:type="EntityAttributeExactMatch"
                                attributeName="http					attributeName="http://macedir.org/entity-category"
                                					attributeValue="http://www.swamid.se/category/nren-service" />
                        <Rule xsi:type="EntityAttributeExactMatch"
                                				<Rule xsi:type="EntityAttributeExactMatch"
					attributeName="http://macedir.org/entity-category"
                                attributeValue					attributeValue="http://www.swamid.se/category/hei-service" />
                </Rule>
                <Rule xsi:type="EntityAttributeExactMatch"
                        attributeName="http://macedir.org/entity-category"
                        attributeValue="http://www.swamid.se/category/research-and-education" />
        </PolicyRequirementRule>
        <AttributeRule attributeID="givenName">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="sn">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="displayName">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="cn">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="eduPersonPrincipalName">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="eduPersonAssurance">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="mail">
                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        <AttributeRule attributeID="eduPersonScopedAffiliation">
                <PermitValueRule xsi:type="OR">
                        <Rule xsi:type="Value" value="faculty" ignoreCase="true" />
                        <Rule xsi:type="Value" value="student" ignoreCase="true" />
                        <Rule xsi:type="Value" value="staff" ignoreCase="true" />
                        <Rule xsi:type="Value" value="alum" ignoreCase="true" />
                        <Rule xsi:type="Value" value="member" ignoreCase="true" />
                        <Rule xsi:type="Value" value="affiliate" ignoreCase="true" />
                        			</Rule>
			<Rule xsi:type="Value" value="employee" ignoreCase="true" />
                        <RuleEntityAttributeExactMatch"
				attributeName="http://macedir.org/entity-category"
				attributeValue="http://www.swamid.se/category/research-and-education" />
		</PolicyRequirementRule>
		<AttributeRule attributeID="givenName">
			<PermitValueRule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
                </PermitValueRule>
        </AttributeRule>
        ANY" />
		</AttributeRule>
		<AttributeRule attributeID="surname">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="odisplayName">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="norEduOrgAcronymcommonName">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="ceduPersonPrincipalName">
			<PermitValueRule                xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="eduPersonAssurance">
			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="comail">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="schacHomeOrganizationeduPersonScopedAffiliation">
                			<PermitValueRule xsi:type="ANYOR" />
				<Rule xsi:type="Value" value="faculty"      </AttributeRule>
</AttributeFilterPolicy>

<!-- DEPRECATED entity-category-sfs-1993-1153 WILL BE REMOVED 2020-10-31-->
<AttributeFilterPolicy id="entity-category-sfs-1993-1153">
        <PolicyRequirementRulecaseSensitive="false" />
				<Rule xsi:type="Value" value="student" caseSensitive="false" />
				<Rule xsi:type="Value" value="staff" caseSensitive="false" />
				<Rule xsi:type="EntityAttributeExactMatchValue"
 value="alum" caseSensitive="false"                      attributeName="http://macedir.org/entity-category"
                        attributeValue="http://www.swamid.se/category/sfs-1993-1153" />

        <AttributeRule attributeID="norEduPersonNIN">
                />
				<Rule xsi:type="Value" value="member" caseSensitive="false" />
				<Rule xsi:type="Value" value="affiliate" caseSensitive="false" />
				<Rule xsi:type="Value" value="employee" caseSensitive="false" />
				<Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" />
			</PermitValueRule>
		</AttributeRule>
		<AttributeRule attributeID="o">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="norEduOrgAcronym">
			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="eduPersonAssuranceco">
			<PermitValueRule                xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="c">
			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
</AttributeFilterPolicy>

<!--  TCS - Sectigo 2020-05-01 and forward -->
<!--  Please see https://wiki.sunet.se/display/SWAMID/SAML-konfiguration+Sunet+TCS -->
		<AttributeRule attributeID="schacHomeOrganization">
			<PermitValueRule xsi:type="ANY" />
		</AttributeRule>
	</AttributeFilterPolicy>

	<!--  for information on how to create a resolver for tcsPersonalEntitlement.      DEPRECATED entity-category-sfs-1993-1153 -->
<!--
	<AttributeFilterPolicy id="releaseSectigoAttributeBundleentity-category-sfs-1993-1153">
        		<PolicyRequirementRule xsi:type="Requester" valueEntityAttributeExactMatch"
				attributeName="httpshttp://cert-manager.com/shibbolethmacedir.org/entity-category"
				attributeValue="http://www.swamid.se/category/sfs-1993-1153" />

        		<AttributeRule attributeID="eduPersonPrincipalNamenorEduPersonNIN">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="displayNameeduPersonAssurance">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
	</AttributeFilterPolicy>

	<!-- Sectigo -->
      <AttributeRule attributeID<AttributeFilterPolicy id="givenNamereleaseSectigoAttributeBundle">
		<PolicyRequirementRule                <PermitValueRule xsi:type="ANY" />
        </AttributeRule>
        xsi:type="Requester" value="https://cert-manager.com/shibboleth" />
		<AttributeRule attributeID="maileduPersonPrincipalName">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="sndisplayName">
                			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="schacHomeOrganizationgivenName">
			<PermitValueRule                xsi:type="ANY" />
		</AttributeRule>
		<AttributeRule attributeID="mail">
			<PermitValueRule xsi:type="ANY" />
        		</AttributeRule>
        		<AttributeRule attributeID="tcsPersonalEntitlementsn">
                			<PermitValueRule xsi:type="ANY"/>
        		</AttributeRule>
	</AttributeFilterPolicy>
-->

<!-- PLACEHOLDER DO NOT REMOVE -->
</AttributeFilterPolicyGroup>
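Review bot: The most sensitive rules in `releaseToCodeOfConduct` (the `norEduPersonNIN` and `personalIdentityNumber` `AttributeRule`s around the `AND` of `AttributeInMetadata onlyIfRequired="true"` and `RegistrationAuthority registrars="http://www.swamid.se/"`) carry no comment explaining why they are gated more tightly than `mail`, `cn` or `schacDateOfBirth` in the same policy, and a later editor could "simplify" them back to a bare `AttributeInMetadata` without noticing the change in exposure; I would add `<!-- National ID numbers: only to SPs registered by SWAMID, and only when the SP's metadata marks the attribute as required -->` above the first of the two rules. The rendered comparison fuses old and new text inside single tokens (e.g. `ignoreCasecaseSensitive="truefalse"`), so the new side appears to be the `caseSensitive="false"` form of the `Value` rules and the `https://refeds.org/category/...` policy ids, but this cannot be confirmed from the page; the result should be checked with `xmllint --noout` on the file as saved, since a mis-merge here silently breaks the whole filter load. Indentation in the new rules mixes tabs and spaces within one policy (the `AttributeFilterPolicyGroup` children use tabs, several `PolicyRequirementRule` and `AttributeRule` lines use spaces), which makes later version comparisons on this page harder to read; picking one and applying it across the file would help.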
