initial commit
176
plugins/attribute_policy.yaml
Normal file
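--- a/plugins/attribute_policy.yaml
+++ b/plugins/attribute_policy.yaml
@@ -0,0 +1,176 @@
+module: satosa.micro_services.attribute_policy.AttributePolicy
+name: attributePolicy
+config:
+policies:
+- id: REFEDSResearchAndScholarship
+rules:
+- type: EntityAttributeExactMatch
+attributeName: "http://macedir.org/entity-category"
+attributeValue: "http://refeds.org/category/research-and-scholarship"
+allowed:
+- eduPersonPrincipalName
+- eduPersonTargetedID
+- mail
+- displayName
+- givenName
+- sn
+- eduPersonScopedAffiliation
+
+- id: GeantEEADataProtectionCodeOfConduct
+rules:
+- type: EntityAttributeExactMatch
+attributeName: "http://macedir.org/entity-category"
+attributeValue: "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
+allowed:
+- displayName
+- givenName
+- sn
+- mail
+- eduPersonScopedAffiliation
+- eduPersonPrincipalName
+- eduPersonUniqueId
+- eduPersonTargetedID
+- schacPersonalUniqueCode
+- schacHomeOrganization
+
+- id: MyAcacemicID
+rules:
+- type: EntityAttributeExactMatch
+attributeName: "http://macedir.org/entity-category"
+attributeValue: "https://myacademicid.org/entity-categories/esi"
+allowed:
+- schacPersonalUniqueCode
+- eduPersonEntitlement
+
+- id: RegisteredByACOnetRequiredAttributes
+rules:
+- type: RegistrationAuthority
+registrars: "http://eduid.at"
+allowed:
+- displayName
+- givenName
+- sn
+- mail
+- eduPersonScopedAffiliation
+- eduPersonPrincipalName
+- eduPersonUniqueId
+- eduPersonTargetedID
+- schacHomeOrganization
+- eduPersonEntitlement
+
+- id: eduID.at-Demo-SP
+rules:
+- type: Requester
+value: "https://test-sp.aco.net/shibboleth"
+allowed:
+- givenName
+- sn
+- displayName
+- mail
+- samlSubjectID
+- samlPairwiseID
+- eduPersonPrincipalName
+- eduPersonScopedAffiliation
+- eduPersonEntitlement
+- eduPersonTargetedID
+- schacHomeOrganization
+- schacPersonalUniqueCode
+
+- id: brzportal
+rules:
+- type: Requester
+value: "https://federation.portal.at/sp_metadata.xml"
+- type: Requester
+value: "https://federation2.portal.at/sp_metadata.xml"
+allowed:
+- eduPersonScopedAffiliation
+- SAPemployeeNumber
+- displayName
+- sn
+- givenName
+- eduPersonTargetedID
+- mail
+- schacHomeOrganization
+- cn
+- eduPersonPrincipalName
+
+- id: mobility
+rules:
+- type: Requester
+value: "https://mobility.uni-graz.at/mobility"
+allowed:
+- eduPersonScopedAffiliation
+- cn
+- displayName
+- eduPersonPrincipalName
+- mail
+- o
+- ou
+- postalAddress
+- title
+- uid
+- obfuscatedID
+- eduPersonTargetedID
+security:
+force_authn: true
+authn_context: [ "https://refeds.org/profile/mfa" ]
+
+- id: exam-extern
+rules:
+- type: Requester
+value: "https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam"
+allowed:
+- eduPersonScopedAffiliation
+- cn
+- givenName
+- sn
+- mail
+- uid
+- eduPersonAffiliation
+- eduPersonPrincipalName
+- eduPersonTargetedID
+- displayName
+
+- id: ubg-alma
+rules:
+- type: Requester
+value: "https://obv-at-ubg.alma.exlibrisgroup.com/mng/login"
+allowed:
+- eduPersonScopedAffiliation
+- schacHomeOrganization
+- mail
+- eduPersonPrincipalName
+- eduPersonTargetedID
+- givenName
+- displayName
+- sn
+- PMidentNr
+
+- id: harica
+rules:
+- type: Requester
+value: "https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam"
+allowed:
+- eduPersonScopedAffiliation
+- cn
+- givenName
+- sn
+- mail
+- uid
+- eduPersonAffiliation
+- eduPersonPrincipalName
+- eduPersonTargetedID
+- displayName
+
+- id: default
+rules:
+- type: ANY
+allowed:
+- eduPersonScopedAffiliation
+- schacHomeOrganization
+- mail
+- eduPersonPrincipalName
+- eduPersonTargetedID
+- givenName
+- displayName
+- sn
+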
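Review bot: The `harica` policy reuses the `Requester` value of `exam-extern` (`https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam`), so it cannot match a HARICA service provider; this looks like a copy-paste, and the rule should carry that SP's own entityID, e.g. `value: "<HARICA-SP-entityID>"` (placeholder, the real value is not on this page). Until that is fixed, a HARICA requester presumably falls through to `default`, whose `type: ANY` rule releases `mail`, `eduPersonPrincipalName`, `givenName`, `sn` and `displayName` to every requester. How the plugin combines matching policies is not visible here; if it takes a union rather than the first match, `default` also overrides narrower sets such as `MyAcacemicID` (probably a typo for `MyAcademicID`), which would stop them working as a data-minimisation control. A comment above `default` would make the intent reviewable, for example `# Fallback for requesters matching no policy above; releases identifying attributes to any SP - confirm this is intended`. Indentation is lost in this rendering, so the scope of the `security:` block under `mobility` (`force_authn`, `authn_context`) should be checked in the real file.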