...
Code Block |
---|
<AttributeFilterPolicy id="refedsAnonymousAuthorizationCategoryTemplate"> <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org"/> |
Code Block |
---|
<!-- In this example, the IdP by default releases ePPN and ePTID.
This configuration overrides those defaults and blocks
their release. -->
<AttributeRule attributeID="eduPersonPrincipalName">
<DenyValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="eduPersonTargetedID">
<DenyValueRule xsi:type="ANY"/>
</AttributeRule> |
Code Block |
---|
<!-- Release attributes defined in the Anonymous Authorization
category -->
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="eduPersonOrgDN">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule> |
Code Block |
---|
<!-- Release entitlement values defined by MACE-DIR as well as those
specific to example.org’s demo service -->
<AttributeRule attributeID="eduPersonEntitlement">
<PermitValueRule xsi:type="OR">
<Rule xsi:type="ValueRegex"
regex="^urn:mace:example.org:demoservice:.*$" />
<Rule xsi:type="ValueRegex"
regex="^urn:mace:dir:entitlement:.*$" />
</PermitValueRule>
</AttributeRule>
</AttributeFilterPolicy> |