AW: Release different value for affiliation based on service provider
Ortner Nikolaus
N.Ortner at fh-kaernten.at
Wed Nov 14 03:29:12 EST 2012
> We do something like this with "mapped" resolvers.
You could also use a single attribute (uh_eduPersonAffiliation) with the full information (faculty, staff, student) and have the filter sort it out.
Something like:
===== conf/attribute-filter.xml =====
<!-- SP_1 -->
<afp:AttributeFilterPolicy id="sp_1">
<afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
value="https://sp1.example.com" />
<afp:AttributeRule attributeID="uh_eduPersonAffiliation">
<afp:PermitValueRule xsi:type="basic:OR">
<basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
</afp:PermitValueRule>
</afp:AttributeRule>
</afp:AttributeFilterPolicy>
<!-- /SP_1 -->
<!-- SP_2 -->
<afp:AttributeFilterPolicy id="sp_2">
<afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString"
value="https://sp2.example.org" />
<afp:AttributeRule attributeID="uh_eduPersonAffiliation ">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
</afp:AttributeFilterPolicy>
<!-- /SP_2 -->
===============================
More information about the users
mailing list