---
# Attribute release policy for the `attributePolicy` micro service.
#
# Each entry under `config.policies` pairs one or more matching `rules`
# with the list of attributes (`allowed`) that may be released when the
# policy applies. An entry may also carry a `security` section.
#
# NOTE(review): this layout was reconstructed from a whitespace-collapsed
# source; confirm the nesting (in particular where `security` sits)
# against the deployed file.
# NOTE(review): how the consumer combines policies (first match vs. union
# of all matches) and multiple rules inside one policy (AND vs. OR) is not
# visible here. Confirm it before relying on list order or on the
# `default` entry acting as a fallback.
module: satosa.micro_services.attribute_policy.AttributePolicy
name: attributePolicy
config:
  policies:
    # --- Entity-category based release -------------------------------
    # Matches on the requester's entity-category attribute. The URIs are
    # identifiers given to an exact-match rule; keep them exactly as
    # published by the category owner.
    - id: REFEDSResearchAndScholarship
      rules:
        - type: EntityAttributeExactMatch
          attributeName: 'http://macedir.org/entity-category'
          attributeValue: 'http://refeds.org/category/research-and-scholarship'
      allowed:
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - mail
        - displayName
        - givenName
        - sn
        - eduPersonScopedAffiliation

    - id: GeantEEADataProtectionCodeOfConduct
      rules:
        - type: EntityAttributeExactMatch
          attributeName: 'http://macedir.org/entity-category'
          attributeValue: 'http://www.geant.net/uri/dataprotection-code-of-conduct/v1'
      allowed:
        - displayName
        - givenName
        - sn
        - mail
        - eduPersonScopedAffiliation
        - eduPersonPrincipalName
        - eduPersonUniqueId
        - eduPersonTargetedID
        - schacPersonalUniqueCode
        - schacHomeOrganization

    # NOTE(review): the id looks like a typo for "MyAcademicID". It is
    # left unchanged because the id may be referenced in logs or tooling.
    - id: MyAcacemicID
      rules:
        - type: EntityAttributeExactMatch
          attributeName: 'http://macedir.org/entity-category'
          attributeValue: 'https://myacademicid.org/entity-categories/esi'
      allowed:
        - schacPersonalUniqueCode
        - eduPersonEntitlement

    # --- Registration-authority based release ------------------------
    # NOTE(review): `registrars` is a plural key holding a single scalar;
    # confirm whether the consumer expects a string or a list.
    - id: RegisteredByACOnetRequiredAttributes
      rules:
        - type: RegistrationAuthority
          registrars: 'http://eduid.at'
      allowed:
        - displayName
        - givenName
        - sn
        - mail
        - eduPersonScopedAffiliation
        - eduPersonPrincipalName
        - eduPersonUniqueId
        - eduPersonTargetedID
        - schacHomeOrganization
        - eduPersonEntitlement

    # --- Per-requester release (matched on the requester's entityID) ---
    # Demo/test SP: receives the broadest identifier set in this file,
    # including both SAML subject identifiers.
    - id: eduID.at-Demo-SP
      rules:
        - type: Requester
          value: 'https://test-sp.aco.net/shibboleth'
      allowed:
        - givenName
        - sn
        - displayName
        - mail
        - samlSubjectID
        - samlPairwiseID
        - eduPersonPrincipalName
        - eduPersonScopedAffiliation
        - eduPersonEntitlement
        - eduPersonTargetedID
        - schacHomeOrganization
        - schacPersonalUniqueCode

    # Two Requester rules in one policy. A single request carries one
    # requester, so this only works if rules are OR-ed.
    # NOTE(review): confirm; if rules are AND-ed this policy never matches.
    - id: brzportal
      rules:
        - type: Requester
          value: 'https://federation.portal.at/sp_metadata.xml'
        - type: Requester
          value: 'https://federation2.portal.at/sp_metadata.xml'
      allowed:
        - eduPersonScopedAffiliation
        - SAPemployeeNumber
        - displayName
        - sn
        - givenName
        - eduPersonTargetedID
        - mail
        - schacHomeOrganization
        - cn
        - eduPersonPrincipalName

    # The only policy with a `security` section: it sets forced
    # re-authentication and the REFEDS MFA authentication context.
    # NOTE(review): whether the returned authentication context is also
    # verified, or only requested, is decided by the consumer and is not
    # visible in this file.
    - id: mobility
      rules:
        - type: Requester
          value: 'https://mobility.uni-graz.at/mobility'
      allowed:
        - eduPersonScopedAffiliation
        - cn
        - displayName
        - eduPersonPrincipalName
        - mail
        - o
        - ou
        - postalAddress
        - title
        - uid
        - obfuscatedID
        - eduPersonTargetedID
      security:
        force_authn: true
        authn_context:
          - 'https://refeds.org/profile/mfa'

    - id: exam-extern
      rules:
        - type: Requester
          value: 'https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam'
      allowed:
        - eduPersonScopedAffiliation
        - cn
        - givenName
        - sn
        - mail
        - uid
        - eduPersonAffiliation
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - displayName

    - id: ubg-alma
      rules:
        - type: Requester
          value: 'https://obv-at-ubg.alma.exlibrisgroup.com/mng/login'
      allowed:
        - eduPersonScopedAffiliation
        - schacHomeOrganization
        - mail
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - givenName
        - displayName
        - sn
        - PMidentNr

    # NOTE(review): this Requester value and `allowed` list are identical
    # to `exam-extern` above, which looks like a copy-paste left-over. As
    # written the policy does not identify a separate HARICA service, so
    # that SP would only be covered by whatever other policy matches it.
    # Replace the value with the HARICA SP's entityID and re-check which
    # attributes that service actually needs.
    - id: harica
      rules:
        - type: Requester
          value: 'https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam'
      allowed:
        - eduPersonScopedAffiliation
        - cn
        - givenName
        - sn
        - mail
        - uid
        - eduPersonAffiliation
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - displayName

    # --- Catch-all -----------------------------------------------------
    # `type: ANY` carries no requester, category or registrar condition,
    # so every SP reaching this policy receives name, mail and
    # eduPersonPrincipalName.
    # NOTE(review): confirm that releasing personal identifiers to
    # otherwise unmatched requesters is intended. A data-minimising
    # default would keep this list to what every SP demonstrably needs.
    - id: default
      rules:
        - type: ANY
      allowed:
        - eduPersonScopedAffiliation
        - schacHomeOrganization
        - mail
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - givenName
        - displayName
        - sn