...
Aconet Example: Configuring an IdP
Aconet provides guidance to both SPs and IdPs on its wiki pages regarding implementation of the R&S category. The following is the example policy configuration that Aconet recommends for IdPs:
```xml
<afp:AttributeFilterPolicy id="REFEDSResearchAndScholarship">
    <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://refeds.org/category/research-and-scholarship"/>

    <!-- Minimal subset of the "R and S" attribute bundle. -->
    <!-- If ePPN values could be reassigned you MUST also release eduPersonTargetedID -->
    <afp:AttributeRule attributeID="eduPersonPrincipalName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="eduPersonTargetedID">
        <afp:PermitValueRule xsi:type="saml:AttributeInMetadata" onlyIfRequired="false"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="email">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="displayName">
        <afp:PermitValueRule xsi:type="basic:ANY" />
    </afp:AttributeRule>

    <!-- Other attributes only if requested (could also be released unconditionally) -->
    <afp:AttributeRule attributeID="givenName">
        <afp:PermitValueRule xsi:type="saml:AttributeInMetadata" onlyIfRequired="false"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="surname">
        <afp:PermitValueRule xsi:type="saml:AttributeInMetadata" onlyIfRequired="false"/>
    </afp:AttributeRule>
    <afp:AttributeRule attributeID="eduPersonScopedAffiliation">
        <afp:PermitValueRule xsi:type="saml:AttributeInMetadata" onlyIfRequired="false"/>
    </afp:AttributeRule>
</afp:AttributeFilterPolicy>
```
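To check what this policy would release to a given SP, the following added example (not Aconet's or Shibboleth's code) applies the same rules to constructed SP metadata. The `urn:oid` attribute names, the helper names and the sample entity are assumptions, and requested attributes are matched by `Name` only.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY_ATTR = "http://macedir.org/entity-category"
R_AND_S = "http://refeds.org/category/research-and-scholarship"

# attributeID -> (permit rule from the policy, SAML 2.0 attribute name).
# The urn:oid names are an assumption about how the IdP's resolver encodes them.
POLICY = {
    "eduPersonPrincipalName": ("ANY", "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"),
    "eduPersonTargetedID": ("IN_METADATA", "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"),
    "email": ("ANY", "urn:oid:0.9.2342.19200300.100.1.3"),
    "displayName": ("ANY", "urn:oid:2.16.840.1.113730.3.1.241"),
    "givenName": ("IN_METADATA", "urn:oid:2.5.4.42"),
    "surname": ("IN_METADATA", "urn:oid:2.5.4.4"),
    "eduPersonScopedAffiliation": ("IN_METADATA", "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"),
}

def released_attributes(sp_metadata_xml):
    """Return the attributeIDs the policy would permit for this SP's metadata."""
    root = ET.fromstring(sp_metadata_xml)
    categories = {
        (value.text or "").strip()
        for attr in root.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS)
        if attr.get("Name") == CATEGORY_ATTR
        for value in attr.iterfind("saml:AttributeValue", NS)
    }
    if R_AND_S not in categories:  # PolicyRequirementRule not met: policy inactive
        return []
    # onlyIfRequired="false": any RequestedAttribute counts, whatever isRequired says
    requested = {r.get("Name") for r in root.iterfind(".//md:RequestedAttribute", NS)}
    return [aid for aid, (rule, name) in POLICY.items()
            if rule == "ANY" or name in requested]

def sample_sp(categories, requested):
    """Build constructed SP metadata (not a real entity) for the demo."""
    values = "".join(f"<saml:AttributeValue>{c}</saml:AttributeValue>" for c in categories)
    reqs = "".join(f'<md:RequestedAttribute Name="{n}" isRequired="false"/>' for n in requested)
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<md:EntityDescriptor {xmlns} entityID="https://sp.example.org/shibboleth">'
            f'<md:Extensions><mdattr:EntityAttributes><saml:Attribute Name="{CATEGORY_ATTR}">'
            f'{values}</saml:Attribute></mdattr:EntityAttributes></md:Extensions>'
            f'<md:SPSSODescriptor><md:AttributeConsumingService index="1">{reqs}'
            f'</md:AttributeConsumingService></md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    print(released_attributes(sample_sp([R_AND_S], ["urn:oid:2.5.4.42"])))
    print(released_attributes(sample_sp([], ["urn:oid:2.5.4.42", "urn:oid:2.5.4.4"])))
```

Under these rules an R&S SP that does not list eduPersonTargetedID as a RequestedAttribute does not receive it, which is worth checking against the policy's comment about reassignable ePPN values.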
...