...
Code Block |
---|
<!--
Release all required and optional attributes, for any service,
to the CCC IdP Proxy, so it in turn can release only the
needed attributes to the services on the other side
of the IdP Proxy. All attributes will not be sent to all services,
just the needed ones for a given service. The attributes here should
constitute a "union" of all possible attributes for any service.
-->
<AttributeFilterPolicy id="CCCWideReleaseForIdPProxy">
<PolicyRequirementRule xsi:type="OR">
<Rule xsi:type="Requester" value="https://sso.ci.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php"/>
<Rule xsi:type="Requester" value="https://sso.test.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php"/>
<Rule xsi:type="Requester" value="https://sso.pilot.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php"/>
<Rule xsi:type="Requester" value="https://sso.cccmypath.org/simplesaml/module.php/saml/sp/metadata.php"/>
</PolicyRequirementRule>
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="uid">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="email">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="givenName">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="surname">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="displayName">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="eduPersonAffiliation">
<PermitValueRule xsi:type="OR">
<Rule xsi:type="Value" value="faculty" ignoreCase="true"/>
<Rule xsi:type="Value" value="student" ignoreCase="true"/>
<Rule xsi:type="Value" value="staff" ignoreCase="true"/>
<Rule xsi:type="Value" value="alum" ignoreCase="true"/>
<Rule xsi:type="Value" value="member" ignoreCase="true"/>
<Rule xsi:type="Value" value="affiliate" ignoreCase="true"/>
<Rule xsi:type="Value" value="employee" ignoreCase="true"/>
<Rule xsi:type="Value" value="library-walk-in" ignoreCase="true"/>
</PermitValueRule>
</AttributeRule>
<AttributeRule attributeID="eduPersonPrimaryAffiliation">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<!-- CCC specific attributes -->
<AttributeRule attributeID="cccId">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="cccMisCode">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<!-- Less likely attributes to be populated, but release if available -->
<AttributeRule attributeID="mobileNumber">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="homePhone">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="telephoneNumber">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="postalAddress">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="street">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="locality">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="stateProvince">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
<AttributeRule attributeID="postalCode">
<PermitValueRule xsi:type="ANY"/>
</AttributeRule>
</AttributeFilterPolicy> |
...