Attribute release policy by requester AND attribute
privas
pedro.rivas664 at csuci.edu
Mon Apr 29 16:30:12 EDT 2019
Hi all,
I'm working deploying a fresh 3.4.3 install and I'm having trouble
translating an existing attribute release policy that's dependent on the
requester and an attribute. This is what is currently working:
<afp:AttributeFilterPolicy id="example-sp">
<afp:PolicyRequirementRule xsi:type="basic:AND">
<basic:Rule xsi:type="basic:AttributeRequesterString"
value="https://sp.example.com/shibboleth-sp/"/>
<basic:Rule xsi:type="basic:OR">
<basic:Rule xsi:type="basic:AttributeValueString"
attributeID="eduPersonAffiliation" value="employee" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString"
attributeID="eduPersonAffiliation" value="faculty" ignoreCase="true" />
</basic:Rule>
</afp:PolicyRequirementRule>
<afp:AttributeRule attributeID="employeeID">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
<afp:AttributeRule attributeID="surname">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
<afp:AttributeRule attributeID="givenName">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
<afp:AttributeRule attributeID="mail">
<afp:PermitValueRule xsi:type="basic:ANY" />
</afp:AttributeRule>
</afp:AttributeFilterPolicy>
How can I add a dependency on the eduPersonAffiliation attribute that will
validate using the latest schema?
<AttributeFilterPolicy id="example-sp">
<PolicyRequirementRule xsi:type="AND">
<Rule xsi:type="Requester"
value="https://sp.example.com/shibboleth-sp/" />
</PolicyRequirementRule>
<AttributeRule attributeID="employeeID" permitAny="true" />
<AttributeRule attributeID="surname" permitAny="true" />
<AttributeRule attributeID="givenName" permitAny="true" />
<AttributeRule attributeID="mail" permitAny="true" />
</AttributeFilterPolicy>
Thanks in advance!
--
Sent from: http://shibboleth.1660669.n2.nabble.com/Shibboleth-Users-f1660767.html
More information about the users
mailing list