-
Notifications
You must be signed in to change notification settings - Fork 7
AttributeFilterConfiguration
jalauros edited this page Oct 10, 2017
·
29 revisions
For basic attribute filtering you should refer to Shibboleth IdP 3 AttributeFilterConfiguration. Here we document the additional components provided by shibboleth oidc extension.
OIDC extension RuleTypes for AttributeFilterPolicyConfiguration
- oidcext:OIDCScope, PolicyRule for comparing the scope values of the authentication request to a string.
`
<!-- This demonstrates a rule that releases claims in response to oidc authentication
request of demo_rp with requested scope info -->
<AttributeFilterPolicy id="DEMO_RP_SCOPE_INFO">
<PolicyRequirementRule xsi:type="AND">
<Rule xsi:type="Requester" value="demo_rp" />
<Rule xsi:type="oidcext:OIDCScope" value="info" />
</PolicyRequirementRule>
<AttributeRule attributeID="age">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonAffiliation">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="mail">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>
`