
<!-- Attribute release policy for one relying party. Everything inside
     this element applies only when the PolicyRequirementRule below
     matches the request. -->
<AttributeFilterPolicy id="refedsAnonymousAuthorizationCategoryTemplate">
  <!-- Scope: the policy is active only for the requester whose entityID
       equals the value attribute. https://sp.example.org is a placeholder;
       use the SP's entityID exactly as it appears in its metadata. -->
  <PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org"/>


  <!-- The IdP in this example releases ePPN and ePTID by default. Both are
       user identifiers, so this policy overrides those defaults and blocks
       them for this requester. A DenyValueRule of type ANY denies every
       value of the attribute. In the Shibboleth filter engine a matching
       deny rule takes precedence over permit rules for the same attribute,
       including permits in other applicable policies. -->
  <AttributeRule attributeID="eduPersonPrincipalName">
    <DenyValueRule xsi:type="ANY" />
  </AttributeRule>
  <AttributeRule attributeID="eduPersonTargetedID">
    <DenyValueRule xsi:type="ANY" />
  </AttributeRule>


<!-- Attributes that make up the Anonymous Authorization category.
     Each rule uses PermitValueRule type ANY, so every value the resolver
     produces for the attribute is released to this requester. -->
  <AttributeRule attributeID="eduPersonScopedAffiliation">
    <PermitValueRule xsi:type="ANY" />
  </AttributeRule>
  <AttributeRule attributeID="eduPersonOrgDN">
    <PermitValueRule xsi:type="ANY" />
  </AttributeRule>


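<!-- Release only eduPersonEntitlement values in two URN namespaces: the
     entitlements defined by MACE-DIR and those specific to example.org's
     demo service. The OR rule permits a value when either regex matches;
     a value matching neither is not permitted by this rule.
     The dots in the domain name are escaped: an unescaped "." is a regex
     wildcard, so "example.org" would also match look-alike namespaces
     such as "exampleXorg" and permit more than intended.
     NOTE(review): both patterns end in ".*", so any value under the prefix
     is released. Confirm that entitlements in these namespaces never
     carry a per-user identifier, or the anonymity of this policy is lost. -->
  <AttributeRule attributeID="eduPersonEntitlement">
    <PermitValueRule xsi:type="OR">
      <Rule xsi:type="ValueRegex"
            regex="^urn:mace:example\.org:demoservice:.*$" />
      <Rule xsi:type="ValueRegex"
            regex="^urn:mace:dir:entitlement:.*$" />
    </PermitValueRule>
  </AttributeRule>
</AttributeFilterPolicy>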