OBS! UTKAST
Info |
---|
This is an example of a standard entity category based attribute filter for SWAMID 2.0 in a Shibboleth IdP .which fulfils SWAMID's Entity Category attribute release in SWAMID |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<?xml version="1.0" encoding="UTF-8"?> <AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd"> <!-- REFEDS ReleaseAnonymous theAuthorization transientEntity IDCategory to anyone --> <AttributeFilterPolicy id="releaseTransientIdToAnyonereleaseToRefedsAnonymous"> <PolicyRequirementRule xsi:type="ANY" /> EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" /> <AttributeRule attributeID="transientIdeduPersonScopedAffiliation"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> </AttributeFilterPolicy> <!-- GEANT Data protection Code of ConductREFEDS Pseudonymous Authorization Entity Category --> <!-- Supports data minimalisation to prevent use together with anonymous --> <AttributeFilterPolicy id="releaseToCoCoreleaseToRefedsPseudonymous"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatchAND"> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="httphttps://wwwrefeds.geant.netorg/uri/dataprotection-code-of-conduct/v1category/pseudonymous" /> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRuleNOT"> <Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequiredattributeName="true" /> </AttributeRule> http://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" /> </Rule> </PolicyRequirementRule> <AttributeRule attributeID="eduPersonUniqueIDsamlPairwiseID"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" ANY"/> </AttributeRule> <AttributeRule attributeID="eduPersonOrcideduPersonScopedAffiliation"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" ANY"/> </AttributeRule> <AttributeRule attributeID="norEduPersonNINschacHomeOrganization"> <PermitValueRule xsi:type="ANDANY"/> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /</AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <Rule<PermitValueRule xsi:type="RegistrationAuthorityANY" registrars="http://www.swamid.se/" /> </PermitValueRule>AttributeRule> </AttributeRule>AttributeFilterPolicy> <AttributeRule attributeID="personalIdentityNumber"> <PermitValueRule xsi:type="AND<!-- REFEDS Personalized Access Entity Category --> <!-- Supports data minimalisation to prevent use together with anonymous and pseudonymous--> <AttributeFilterPolicy id="releaseToRefedsPersonalized"> <Rule<PolicyRequirementRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /AND"> <Rule xsi:type="RegistrationAuthorityEntityAttributeExactMatch" registrarsattributeName="http://wwwmacedir.swamid.se/org/entity-category" attributeValue="https://refeds.org/category/personalized" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="schacDateOfBirth <Rule xsi:type="NOT"> <PermitValueRule<Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /OR"> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule<Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" onlyIfRequiredattributeName="true" /> </AttributeRule> <AttributeRule attributeID="cn"> <PermitValueRulehttp://macedir.org/entity-category" attributeValue="https://refeds.org/category/anonymous" /> <Rule xsi:type="AttributeInMetadataEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" onlyIfRequiredattributeValue="truehttps://refeds.org/category/pseudonymous" /> </AttributeRule> </Rule> </Rule> </PolicyRequirementRule> <AttributeRule attributeID="displayNamesamlSubjectID"> <PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="givenNamedisplayName"> <PermitValueRule xsi:type="AttributeInMetadataANY" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="sngivenName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurancesn"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="trueANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliationmail"> <PermitValueRule xsi:type="ANDANY" /> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /</AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <Rule<PermitValueRule xsi:type="ORANY" /> </AttributeRule> <Rule<AttributeRule xsi:typeattributeID="Value" value="faculty" ignoreCase="true" /schacHomeOrganization"> <Rule<PermitValueRule xsi:type="ValueANY" value/> </AttributeRule> <AttributeRule attributeID="student" ignoreCase="true" /eduPersonScopedAffiliation"> <PermitValueRule xsi:type="OR"> <Rule xsi:type="Value" value="stafffaculty" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="alumstudent" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="memberstaff" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="affiliatealum" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="employeemember" ignoreCasecaseSensitive="truefalse" /> <Rule xsi:type="Value" value="library-walk-inaffiliate" ignoreCasecaseSensitive="truefalse" /> </Rule> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="eduPersonAffiliation"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" <Rule xsi:type="Value" value="employee" caseSensitive="false"/> </AttributeRule> <AttributeRule attributeID="organizationName"> <PermitValueRule<Rule xsi:type="AttributeInMetadataValue" onlyIfRequiredvalue="truelibrary-walk-in" caseSensitive="false"/> </AttributeRule>PermitValueRule> <AttributeRule attributeID="norEduOrgAcronym"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> </AttributeRule> <AttributeRule attributeID="countryName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="friendlyCountryName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganizationType"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> </AttributeFilterPolicy> <!-- REFEDS Research and Schoolarship --> <AttributeFilterPolicy id="releaseToRandS"> AttributeFilterPolicy> <!-- Rule to honour Subject ID requirement tag in metadata. Used in combination with Geant/Refeds Code of Conduct v* --> <!-- Code of Conduct can be combined with other entity categories --> <!-- Supports data minimalisation to prevent subject-id and pairwise-id being released together --> <AttributeFilterPolicy id="subject-identifiers"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatchOR"> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refedswww.geant.orgnet/categoryuri/researchdataprotection-code-andof-scholarshipconduct/v1" /> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule<Rule xsi:type="ANYEntityAttributeExactMatch" /> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="ANY"attributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/code-of-conduct/v2" /> </AttributeRule>PolicyRequirementRule> <AttributeRule attributeID="givenNamesamlPairwiseID"> <PermitValueRule xsi:type="ANYAND" /> </AttributeRule> <AttributeRule attributeID="surname"> <PermitValueRule<Rule xsi:type="ANYNOT" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule<Rule xsi:type="ANYEntityAttributeExactMatch" /> </AttributeRule> <AttributeRule attributeID="eduPersonUniqueID"> <PermitValueRule xsi:type="ANYattributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/personalized" /> </AttributeRule>Rule> <AttributeRule attributeID <Rule xsi:type="eduPersonAssuranceOR"> <PermitValueRule<Rule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ANYEntityAttributeExactMatch" attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="pairwise-id" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule<Rule xsi:type="AND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="false" /> <RuleEntityAttributeExactMatch" attributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="any" /> </Rule> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="samlSubjectID"> <PermitValueRule xsi:type="ORAND"> <Rule xsi:type="Value" value="faculty" ignoreCase="true" /NOT"> <Rule xsi:type="ValueEntityAttributeExactMatch" value="student" ignoreCase="trueattributeName="http://macedir.org/entity-category" attributeValue="https://refeds.org/category/pseudonymous" /> <Rule xsi:type="Value" value="staff" ignoreCase="true" /></Rule> <Rule xsi:type="ValueEntityAttributeExactMatch" value="alum" ignoreCase="true" /> <Rule xsi:type="Value" value="member" ignoreCase="trueattributeName="urn:oasis:names:tc:SAML:profiles:subject-id:req" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" attributeValue="subject-id" /> <Rule xsi:type="Value" value="affiliate" ignoreCase="true" /> </PermitValueRule> </AttributeRule> </AttributeFilterPolicy> <!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category --> <AttributeFilterPolicy id="releaseToCodeOfConduct"> <PolicyRequirementRule xsi:type="OR"> <Rule xsi:type="ValueEntityAttributeExactMatch" valueattributeName="employeehttp://macedir.org/entity-category" ignoreCaseattributeValue="truehttp://www.geant.net/uri/dataprotection-code-of-conduct/v1" /> <Rule xsi:type="ValueEntityAttributeExactMatch" valueattributeName="library-walk-in" ignoreCase="true" /> </Rule>http://macedir.org/entity-category" attributeValue="https://refeds.org/category/code-of-conduct/v2" /> </PermitValueRule> </AttributeRule> </AttributeFilterPolicy> <!-- DEPRECATED entity-category-swamid-research-and-education WILL BE REMOVED 2020-10-31 --> <AttributeFilterPolicy id="entity-category-research-and-education"> <PolicyRequirementRule xsi:type="AND"> PolicyRequirementRule> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonOrcid"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="norEduPersonNIN"> <PermitValueRule xsi:type="AND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> <Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="personalIdentityNumber"> <PermitValueRule xsi:type="AND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> <Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="schacDateOfBirth"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="cn"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="sn"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="AND"> <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> <Rule xsi:type="OR"> <Rule xsi:type="Value" value="faculty" caseSensitive="false" /> <Rule xsi:type="Value" value="student" caseSensitive="false" /> <Rule xsi:type="Value" value="staff" caseSensitive="false" /> <Rule xsi:type="Value" value="alum" caseSensitive="false" /> <Rule xsi:type="Value" value="member" caseSensitive="false" /> <Rule xsi:type="Value" value="affiliate" caseSensitive="false" /> <Rule xsi:type="Value" value="employee" caseSensitive="false" /> <Rule xsi:type="Value" value="library-walk-in" caseSensitive="false" /> </Rule> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="eduPersonAffiliation"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="o"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="norEduOrgAcronym"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="c"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="co"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganizationType"> <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /> </AttributeRule> </AttributeFilterPolicy> <!-- REFEDS Research and Scholarship Entity Category --> <AttributeFilterPolicy id="releaseToRefedsResearchAndScholarship"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship" /> <AttributeRule attributeID="eduPersonTargetedID"> <PermitValueRule xsi:type="NOT"> <Rule xsi:type="Value" value="https://refeds.org/assurance/ID/eppn-unique-no-reassign" attributeID="eduPersonAssurance" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="displayName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="sn"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule xsi:type="OR"> <Rule xsi:type="Value" value="faculty" caseSensitive="false" /> <Rule xsi:type="Value" value="student" caseSensitive="false" /> <Rule xsi:type="OR""Value" value="staff" caseSensitive="false" /> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"Value" value="alum" caseSensitive="false" /> attributeValue="http://www.swamid.se/category/eu-adequate-protection<Rule xsi:type="Value" value="member" caseSensitive="false" /> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"Value" value="affiliate" caseSensitive="false" /> attributeValue="http://www.swamid.se/category/nren-service<Rule xsi:type="Value" value="employee" caseSensitive="false" /> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category"Value" value="library-walk-in" caseSensitive="false" /> attributeValue="http://www.swamid.se/category/hei-service" /> </Rule> <Rule</PermitValueRule> </AttributeRule> </AttributeFilterPolicy> <!-- ESI European Student Identifier --> <AttributeFilterPolicy id="entity-category-european-student-identifier"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="httphttps://wwwmyacademicid.swamid.se/category/research-and-education" /> </PolicyRequirementRule> <AttributeRule attributeID="givenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> org/entity-categories/esi" /> <AttributeRule attributeID="surnameschacPersonalUniqueCode"> <PermitValueRule xsi:type="ANY="ValueRegex" regex="^urn:schac:personalUniqueCode:int:esi:.*" /> </AttributeRule> <AttributeRule attributeID="displayName"</AttributeFilterPolicy> <!-- DEPRECATED entity-category-swamid-research-and-education --> <AttributeFilterPolicy id="entity-category-research-and-education"> <PermitValueRule<PolicyRequirementRule xsi:type="ANYAND" /> </AttributeRule> <AttributeRule<Rule attributeIDxsi:type="commonNameOR"> <PermitValueRule <Rule xsi:type="ANYEntityAttributeExactMatch" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ANY"attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/eu-adequate-protection" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule<Rule xsi:type="ANYEntityAttributeExactMatch" /> </AttributeRule> <AttributeRule attributeID="mail"> <PermitValueRule xsi:type="ANYattributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/nren-service" /> </AttributeRule> <AttributeRule attributeID="eduPersonScopedAffiliation"> <PermitValueRule<Rule xsi:type="OR"> <Rule xsi:type="Value" value="faculty" ignoreCase="true" />EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/hei-service" /> </Rule> <Rule xsi:type="ValueEntityAttributeExactMatch" valueattributeName="studenthttp://macedir.org/entity-category" ignoreCaseattributeValue="truehttp://www.swamid.se/category/research-and-education" /> </PolicyRequirementRule> <Rule xsi:type="Value" value="staff" ignoreCase="true" /<AttributeRule attributeID="givenName"> <Rule<PermitValueRule xsi:type="Value" value="alum" ignoreCase="true" /ANY" /> </AttributeRule> <AttributeRule attributeID="sn"> <Rule<PermitValueRule xsi:type="ValueANY" value="member" ignoreCase="true" /> </AttributeRule> <Rule xsi:type="Value" value="affiliate" ignoreCase="true" /<AttributeRule attributeID="displayName"> <Rule<PermitValueRule xsi:type="Value" value="employee" ignoreCase="true" /ANY" /> </AttributeRule> <AttributeRule attributeID="cn"> <Rule<PermitValueRule xsi:type="ValueANY" value="library-walk-in" ignoreCase="true/> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </PermitValueRule>AttributeRule> </AttributeRule> <AttributeRule attributeID="organizationNameeduPersonAssurance"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="norEduOrgAcronymmail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="countryNameeduPersonScopedAffiliation"> <PermitValueRule xsi:type="ANYOR" /> </AttributeRule> <AttributeRule attributeID="friendlyCountryName"> <PermitValueRule xsi:type="ANY <Rule xsi:type="Value" value="faculty" caseSensitive="false" /> <Rule xsi:type="Value" value="student" caseSensitive="false" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganization"> <PermitValueRule<Rule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> <!-- DEPRECATED entity-category-sfs-1993-1153 WILL BE REMOVED 2020-10-31--> <AttributeFilterPolicy id="entity-category-sfs-1993-1153"> <PolicyRequirementRuleValue" value="staff" caseSensitive="false" /> <Rule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/sfs-1993-1153Value" value="alum" caseSensitive="false" /> <AttributeRule attributeID="norEduPersonNIN"> <PermitValueRule <Rule xsi:type="Value" value="member" caseSensitive="false" /> <Rule xsi:type="ANY"Value" value="affiliate" caseSensitive="false" /> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <PermitValueRule <Rule xsi:type="Value" value="employee" caseSensitive="false" /> <Rule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> <!-- Examples of entityId based release to Service Providers --> <!-- Release to testshib.org --> <!-- <AttributeFilterPolicy id="testShib"> <PolicyRequirementRuleValue" value="library-walk-in" caseSensitive="false" /> </PermitValueRule> </AttributeRule> <AttributeRule attributeID="o"> <PermitValueRule xsi:type="RequesterANY" value="https://sp.testshib.org/shibboleth-sp" /> </AttributeRule> <AttributeRule attributeID="givenNamenorEduOrgAcronym"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="commonNameco"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="surnamec"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="principalschacHomeOrganization"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> --> <!-- NyA-webben UHR --> <!-- <AttributeFilterPolicy id="releaseNyAwebbenEntitlement"> <PolicyRequirementRule xsi:type="OR"> <RuleDEPRECATED entity-category-sfs-1993-1153 --> <AttributeFilterPolicy id="entity-category-sfs-1993-1153"> <PolicyRequirementRule xsi:type="EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://www.swamid.se/category/sfs-1993-1153" /> <AttributeRule attributeID="norEduPersonNIN"> <PermitValueRule xsi:type="RequesterANY" value="https://expert.antagning.se/ecs-sp" //> </AttributeRule> <AttributeRule attributeID="eduPersonAssurance"> <Rule <PermitValueRule xsi:type="RequesterANY" value="https://expert.testa.antagning.se/ecs-sp" //> </AttributeRule> </AttributeFilterPolicy> <!-- Sectigo --> <AttributeFilterPolicy id="releaseSectigoAttributeBundle"> <Rule<PolicyRequirementRule xsi:type="Requester" value="https://expert.testb.antagning.se/ecs-sp//cert-manager.com/shibboleth" /> </PolicyRequirementRule> <AttributeRule attributeID="NyAwebbenEntitlementeduPersonPrincipalName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> </AttributeFilterPolicy> --> <!-- New TCS Personal --> <!-- <AttributeFilterPolicy id="releaseTcsPersonalEntitlement <AttributeRule attributeID="displayName"> <PolicyRequirementRule <PermitValueRule xsi:type="Requester" value="https://www.digicert.com/ssoANY" /> </AttributeRule> <AttributeRule attributeID="displayNamegivenName"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="eduPersonPrincipalNamemail"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="tcsPersonalEntitlementsn"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="emailschacHomeOrganization"> <PermitValueRule xsi:type="ANY" /> </AttributeRule> <AttributeRule attributeID="schacHomeOrganizationtcsPersonalEntitlement"> <PermitValueRule xsi:type="ANY"/> </AttributeRule> < </AttributeFilterPolicy> --> <!-- PLACEHOLDER DO NOT REMOVE --> </AttributeFilterPolicyGroup> |
...