...
<?xml version="1.0" encoding="UTF-8"?> <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> <!-- GEANTREFEDS DataAnonymous protectionAuthorization CodeEntity ofCategory Conduct --> <AttributeFilterPolicy id="releaseToCoCoreleaseToRefedsAnonymous"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="httphttps://wwwrefeds.geant.netorg/uri/dataprotection-code-of-conduct/v1category/anonymous" /> <AttributeRule attributeID="eduPersonTargetedIDeduPersonScopedAffiliation"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" ANY"/> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalNameschacHomeOrganization"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> ANY"/> </AttributeRule> </AttributeFilterPolicy> <!-- REFEDS Pseudonymous Authorization Entity Category <AttributeRule attributeID--> <AttributeFilterPolicy id="eduPersonOrcidreleaseToRefedsPseudonymous"> <PermitValueRule <PolicyRequirementRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />EntityAttributeExactMatch" </AttributeRule>attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/pseudonymous" /> <AttributeRule attributeID="norEduPersonNINsamlPairwiseID"> <PermitValueRule xsi:type="ANDANY"/> </AttributeRule> <Rule <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> <Rule ANY"/> </AttributeRule> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule xsi:type="RegistrationAuthorityANY" registrars="http://www.swamid.se/" /> </PermitValueRule> </AttributeRule> 
<AttributeRule attributeID="personalIdentityNumber"> <PermitValueRule /> </AttributeRule> </AttributeFilterPolicy> <!-- REFEDS Personalized Access Entity Category --> <AttributeFilterPolicy id="releaseToRefedsPersonalized"> <PolicyRequirementRule xsi:type="ANDEntityAttributeExactMatch"> <Rule attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/personalized" /> <AttributeRule attributeID="samlSubjectID"> <PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" /> <Rule </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="RegistrationAuthorityANY" registrars="http://www.swamid.se/" /> </PermitValueRule> </AttributeRule> /> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="schacDateOfBirthsn"> <PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" /> /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="cneduPersonAssurance"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="trueANY" /> </AttributeRule> <AttributeRule attributeID="displayNameschacHomeOrganization"> <PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" /> /> </AttributeRule> <AttributeRule attributeID="givenNameeduPersonScopedAffiliation"> <PermitValueRule <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="truexsi:type="OR"> <Rule xsi:type="Value" value="faculty" caseSensitive="false" /> <Rule xsi:type="Value" </AttributeRule> <AttributeRule attributeID="sn"> <PermitValueRule value="student" caseSensitive="false"/> <Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truestaff" caseSensitive="false"/> <Rule xsi:type="Value" </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule value="alum" 
caseSensitive="false"/> <Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truemember" caseSensitive="false"/> <Rule xsi:type="Value" </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule value="affiliate" caseSensitive="false"/> <Rule xsi:type="ANDValue"> value="employee" caseSensitive="false"/> <Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truelibrary-walk-in" caseSensitive="false"/> </PermitValueRule> </AttributeRule> </AttributeFilterPolicy> <!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category --> <AttributeFilterPolicy id="releaseToCodeOfConduct"> <Rule<PolicyRequirementRule xsi:type="OR"> <Rule xsi:type="Value" value="faculty" ignoreCase="trueEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" /> <Rule xsi:type="Value" value="student" ignoreCase="trueEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/code-of-conduct/v2" /> </PolicyRequirementRule> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="staff" ignoreCase="true" /> <Rule </AttributeRule> <AttributeRule attributeID="eduPersonOrcid"> <PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="alumtrue" ignoreCase/> </AttributeRule> <AttributeRule attributeID="truenorEduPersonNIN" /> <PermitValueRule xsi:type="AND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="Valuetrue" value/> <Rule xsi:type="memberRegistrationAuthority" ignoreCaseregistrars="truehttp://www.swamid.se/" /> <Rule </PermitValueRule> </AttributeRule> <AttributeRule attributeID="personalIdentityNumber"> 
<PermitValueRule xsi:type="Value" value="affiliate" ignoreCaseAND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> <Rule xsi:type="ValueRegistrationAuthority" valueregistrars="employeehttp://www.swamid.se/" ignoreCase="true" /> <Rule </PermitValueRule> </AttributeRule> <AttributeRule attributeID="schacDateOfBirth"> <PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="library-walk-in" ignoreCase="true" /> </Rule> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="eduPersonAffiliation"> true" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="cn"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="ogivenName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="norEduOrgAcronymsn"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="ceduPersonAssurance"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="coeduPersonScopedAffiliation"> <PermitValueRule <PermitValueRule xsi:type="AND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule <Rule xsi:type="OR"> <Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="true" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganizationType"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="truefaculty" caseSensitive="false" /> <Rule xsi:type="Value" value="student" caseSensitive="false" /> </AttributeRule> </AttributeFilterPolicy> <!-- REFEDS 
Research and Schoolarship --> <AttributeFilterPolicy id="releaseToRandS"> <PolicyRequirementRule <Rule xsi:type="Value" value="staff" caseSensitive="false" /> <Rule xsi:type="EntityAttributeExactMatchValue" value="alum" caseSensitive="false" /> <Rule xsi:type="Value" value="member" caseSensitive="false" /> <Rule xsi:type="Value" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship" /> <!-- Alternative configuration examples for ePTID. See the static variables section of the attribute resolver. <AttributeRule attributeID="eduPersonTargetedID"> value="affiliate" caseSensitive="false" /> <Rule xsi:type="Value" value="employee" caseSensitive="false" /> <Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" /> </Rule> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="eduPersonAffiliation"> <PermitValueRule xsi:type="NOT"> <Rule "AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="o"> <PermitValueRule xsi:type="ValueAttributeInMetadata" valueonlyIfRequired="https://refeds.org/assurance/ID/eppn-unique-no-reassign"true" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurancenorEduOrgAcronym" /> <PermitValueRule xsi:type="AttributeInMetadata" </PermitValueRule> </AttributeRule> --> <!-- onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="c"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonTargetedIDco"> <PermitValueRule xsi:type="ANYAttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> --> <AttributeRule attributeID="displayNameschacHomeOrganization"> <PermitValueRule xsi:type="ANYAttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="givenName"> <AttributeRule attributeID="schacHomeOrganizationType"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="ANYtrue" /> </AttributeRule> 
</AttributeFilterPolicy> <!-- REFEDS Research and Scholarship Entity Category <AttributeRule attributeID--> <AttributeFilterPolicy id="snreleaseToRefedsResearchAndScholarship"> <PermitValueRule <PolicyRequirementRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mail"> EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship" /> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule xsi:type="ANYNOT" /> <Rule </AttributeRule> xsi:type="Value" value="https://refeds.org/assurance/ID/eppn-unique-no-reassign" attributeID="eduPersonAssurance" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="eduPersonAssurancedisplayName"> <PermitValueRule xsi:type="ANY" /> < </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalNamegivenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliationsn"> <PermitValueRule <PermitValueRule xsi:type="OR"> <Rule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="Value" value="facultyANY" ignoreCase="true" /> <Rule </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule xsi:type="ValueANY" value/> </AttributeRule> <AttributeRule attributeID="student" ignoreCase="trueeduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="OR"> <Rule xsi:type="Value" value="stafffaculty" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="student" caseSensitive="false" /> <Rule xsi:type="Value" value="alumstaff" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="memberalum" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="affiliatemember" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="employeeaffiliate" 
ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="employee" caseSensitive="false" /> <Rule xsi:type="Value" value="library-walk-in" ignoreCasecaseSensitive="truefalse" /> </PermitValueRule> < </AttributeRule> </AttributeFilterPolicy> <!-- ESI European Student Identifier --> <AttributeFilterPolicy id="entity-category-european-student-identifier"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://myacademicid.org/entity-categories/esi" /> <AttributeRule attributeID="schacPersonalUniqueCode"> <PermitValueRule xsi: <PermitValueRule xsi:type="ValueRegex" regex="^urn:schac:personalUniqueCode:int:esi:.*" /> </AttributeRule> </AttributeFilterPolicy> <!-- DEPRECATED entity-category-swamid-research-and-education WILL BE REMOVED 2020-10-31 --> <AttributeFilterPolicy id="entity-category-research-and-education"> <PolicyRequirementRule xsi:type="AND"> <Rule xsi:type="OR"> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue attributeValue="http://www.swamid.se/category/eu-adequate-protection" /> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/nren-service" /> <Rule xsi:type="EntityAttributeExactMatch" <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue attributeValue="http://www.swamid.se/category/hei-service" /> </Rule> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/research-and-education" /> </PolicyRequirementRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="sn"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="ANY" 
/> </AttributeRule> <AttributeRule attributeID="cn"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="OR"> <Rule xsi:type="Value" value="faculty" ignoreCase="true" /> <Rule xsi:type="Value" value="student" ignoreCase="true" /> <Rule xsi:type="Value" value="staff" ignoreCase="true" /> <Rule xsi:type="Value" value="alum" ignoreCase="true" /> <Rule xsi:type="Value" value="member" ignoreCase="true" /> <Rule xsi:type="Value" value="affiliate" ignoreCase="true" /> </Rule> <Rule xsi:type="Value" value="employee" ignoreCase="true" /> <RuleEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/research-and-education" /> </PolicyRequirementRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="Value" value="library-walk-in" ignoreCase="true" /> </PermitValueRule> </AttributeRule> ANY" /> </AttributeRule> <AttributeRule attributeID="surname"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="odisplayName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="norEduOrgAcronymcommonName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="ceduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="comail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganizationeduPersonScopedAffiliation"> <PermitValueRule xsi:type="ANYOR" /> <Rule 
xsi:type="Value" value="faculty" </AttributeRule> </AttributeFilterPolicy> <!-- DEPRECATED entity-category-sfs-1993-1153 WILL BE REMOVED 2020-10-31--> <AttributeFilterPolicy id="entity-category-sfs-1993-1153"> <PolicyRequirementRulecaseSensitive="false" /> <Rule xsi:type="Value" value="student" caseSensitive="false" /> <Rule xsi:type="Value" value="staff" caseSensitive="false" /> <Rule xsi:type="EntityAttributeExactMatchValue" value="alum" caseSensitive="false" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/sfs-1993-1153" /> <AttributeRule attributeID="norEduPersonNIN"> /> <Rule xsi:type="Value" value="member" caseSensitive="false" /> <Rule xsi:type="Value" value="affiliate" caseSensitive="false" /> <Rule xsi:type="Value" value="employee" caseSensitive="false" /> <Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="o"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="norEduOrgAcronym"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssuranceco"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="c"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> <!-- TCS - Sectigo 2020-05-01 and forward --> <!-- Please see https://wiki.sunet.se/display/SWAMID/SAML-konfiguration+Sunet+TCS --> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> <!-- for information on how to create a resolver for tcsPersonalEntitlement. 
DEPRECATED entity-category-sfs-1993-1153 --> <!-- <AttributeFilterPolicy id="releaseSectigoAttributeBundleentity-category-sfs-1993-1153"> <PolicyRequirementRule xsi:type="Requester" valueEntityAttributeExactMatch" attributeName="httpshttp://cert-manager.com/shibbolethmacedir.org/entity-category" attributeValue="http://www.swamid.se/category/sfs-1993-1153" /> <AttributeRule attributeID="eduPersonPrincipalNamenorEduPersonNIN"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="displayNameeduPersonAssurance"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> <!-- Sectigo --> <AttributeRule attributeID<AttributeFilterPolicy id="givenNamereleaseSectigoAttributeBundle"> <PolicyRequirementRule <PermitValueRule xsi:type="ANY" /> </AttributeRule> xsi:type="Requester" value="https://cert-manager.com/shibboleth" /> <AttributeRule attributeID="maileduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="sndisplayName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganizationgivenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="tcsPersonalEntitlementsn"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> </AttributeFilterPolicy> --> <!-- PLACEHOLDER DO NOT REMOVE --> </AttributeFilterPolicyGroup> |
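Review bot: The new REFEDS policies (`releaseToRefedsAnonymous`, `releaseToRefedsPseudonymous`, `releaseToRefedsPersonalized`) permit each listed attribute with `xsi:type="ANY"` on the strength of a single `EntityAttributeExactMatch` against `http://macedir.org/entity-category`, so the release decision rests entirely on who is able to assert that tag in the metadata the IdP loads. Only the `norEduPersonNIN` and `personalIdentityNumber` rules in `releaseToCodeOfConduct` appear to add a `RegistrationAuthority` check for `http://www.swamid.se/`; this page fuses old and new text, so that reading is inferred rather than certain. I would state the assumption in the file itself, for example `<!-- Entity-category release trusts the metadata feed: load only signature-verified federation metadata, and keep the RegistrationAuthority check on national identity numbers -->` above the first policy. That leaves the trust boundary visible to the next administrator who copies this example into a deployment with additional metadata sources.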
...