Help with Specific Attribute Filter

Jason Rotunno jrotunno at
Fri Nov 12 16:01:20 UTC 2021

Hey All,

We're running Shibboleth IdP 4.0.1 and have an attribute filter to release
a set of core attributes to InCommon members:

<!-- Attribute release for all InCommon SPs -->
<AttributeFilterPolicy id="releaseToInCommon">
    <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
    <AttributeRule attributeID="eduPersonPrincipalName">
        <PermitValueRule xsi:type="ANY" />
    <AttributeRule attributeID="eduPersonScopedAffiliation">
        <PermitValueRule xsi:type="ANY" />
    <AttributeRule attributeID="givenName">
        <PermitValueRule xsi:type="ANY" />
    <AttributeRule attributeID="surname">
        <PermitValueRule xsi:type="ANY" />
    <AttributeRule attributeID="displayName">
        <PermitValueRule xsi:type="ANY" />
    <AttributeRule attributeID="email">
        <PermitValueRule xsi:type="ANY" />

There's a particular InCommon SP for which we have to omit sending the
eduPersonScopedAffiliation attribute and I haven't been able to figure out
how to do that. Does anyone have an idea of how to achieve this?



Jason Rotunno
System & Security Administrator
Swarthmore College
500 College Ave
Swarthmore, PA 19081

*VERIFY before you click!!*
  - Attackers make their emails look like they come from someone they don't.
  - Attackers make links look like they go to websites they don't.
  - Attackers disguise malware as receipts, invoices, faxes, etc.

Forward suspicious emails to phishing at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list