Help with Specific Attribute Filter
Jason Rotunno
jrotunno at swarthmore.edu
Fri Nov 12 16:01:20 UTC 2021
Hey All,
We're running Shibboleth IdP 4.0.1 and have an attribute filter to release
a set of core attributes to InCommon members:
<!-- Attribute release for all InCommon SPs -->
<AttributeFilterPolicy id="releaseToInCommon">
<PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="
http://id.incommon.org/category/registered-by-incommon"/>
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonScopedAffiliation">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="givenName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="surname">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="displayName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="email">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>
There's a particular InCommon SP for which we have to omit sending the
eduPersonScopedAffiliation attribute and I haven't been able to figure out
how to do that. Does anyone have an idea of how to achieve this?
Thanks,
Jason
--
Jason Rotunno
System & Security Administrator
Swarthmore College
500 College Ave
Swarthmore, PA 19081
610.328.8505
*VERIFY before you click!!*
- Attackers make their emails look like they come from someone they don't.
- Attackers make links look like they go to websites they don't.
- Attackers disguise malware as receipts, invoices, faxes, etc.
Forward suspicious emails to phishing at swarthmore.edu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20211112/071c7044/attachment.htm>
More information about the users
mailing list