# Attribute release policy for a SATOSA proxy: each entry under `policies`
# pairs match `rules` with the list of attributes `allowed` for release.
# NOTE(review): the nesting below is reconstructed from a rendering that lost
# all indentation; verify it against the original file before use.
# NOTE(review): how the class named in `module` combines policies (first match
# vs. union of all matching entries) is not visible here. That decides how
# much personal data each service provider receives; confirm before editing.
module: satosa.micro_services.attribute_policy.AttributePolicy
name: attributePolicy
config:
  policies:
    # Entity-category policy: presumably matches SPs whose metadata carries
    # the entity attribute below with exactly this value.
    - id: REFEDSResearchAndScholarship
      rules:
        - type: EntityAttributeExactMatch
          attributeName: "http://macedir.org/entity-category"
          attributeValue: "http://refeds.org/category/research-and-scholarship"
      allowed:
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - mail
        - displayName
        - givenName
        - sn
        - eduPersonScopedAffiliation

    - id: GeantEEADataProtectionCodeOfConduct
      rules:
        - type: EntityAttributeExactMatch
          attributeName: "http://macedir.org/entity-category"
          attributeValue: "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
      allowed:
        - displayName
        - givenName
        - sn
        - mail
        - eduPersonScopedAffiliation
        - eduPersonPrincipalName
        - eduPersonUniqueId
        - eduPersonTargetedID
        - schacPersonalUniqueCode
        - schacHomeOrganization

    # NOTE(review): the id is spelled "MyAcacemicID", likely a typo for
    # "MyAcademicID". Left as is; confirm nothing refers to the id before
    # renaming it.
    - id: MyAcacemicID
      rules:
        - type: EntityAttributeExactMatch
          attributeName: "http://macedir.org/entity-category"
          attributeValue: "https://myacademicid.org/entity-categories/esi"
      allowed:
        - schacPersonalUniqueCode
        - eduPersonEntitlement

    - id: RegisteredByACOnetRequiredAttributes
      rules:
        - type: RegistrationAuthority
          # NOTE(review): `registrars` is plural but holds a single string.
          # If the implementation tests membership with `in`, a bare string
          # makes that a substring test; confirm a scalar is accepted and
          # compared exactly, or use a one-element list.
          registrars: "http://eduid.at"
      allowed:
        - displayName
        - givenName
        - sn
        - mail
        - eduPersonScopedAffiliation
        - eduPersonPrincipalName
        - eduPersonUniqueId
        - eduPersonTargetedID
        - schacHomeOrganization
        - eduPersonEntitlement

    # Per-SP policy: presumably `value` is compared with the requesting SP's
    # entityID.
    # NOTE(review): this test SP has the widest release list in the file;
    # confirm that is intended wherever real accounts can reach it.
    - id: eduID.at-Demo-SP
      rules:
        - type: Requester
          value: "https://test-sp.aco.net/shibboleth"
      allowed:
        - givenName
        - sn
        - displayName
        - mail
        - samlSubjectID
        - samlPairwiseID
        - eduPersonPrincipalName
        - eduPersonScopedAffiliation
        - eduPersonEntitlement
        - eduPersonTargetedID
        - schacHomeOrganization
        - schacPersonalUniqueCode

    # Two Requester rules with different values: presumably either one is
    # enough to match (an AND of the two could never be true); confirm.
    - id: brzportal
      rules:
        - type: Requester
          value: "https://federation.portal.at/sp_metadata.xml"
        - type: Requester
          value: "https://federation2.portal.at/sp_metadata.xml"
      allowed:
        - eduPersonScopedAffiliation
        - SAPemployeeNumber
        - displayName
        - sn
        - givenName
        - eduPersonTargetedID
        - mail
        - schacHomeOrganization
        - cn
        - eduPersonPrincipalName

    - id: mobility
      rules:
        - type: Requester
          value: "https://mobility.uni-graz.at/mobility"
      allowed:
        - eduPersonScopedAffiliation
        - cn
        - displayName
        - eduPersonPrincipalName
        - mail
        - o
        - ou
        - postalAddress
        - title
        - uid
        - obfuscatedID
        - eduPersonTargetedID
      # The only policy with a `security` block. Presumably it forces
      # re-authentication and asks for the REFEDS MFA context for this SP.
      # NOTE(review): placed as a sibling of `rules`/`allowed` (assumed), and
      # whether the context is enforced on the response or only requested is
      # not visible here; confirm both.
      security:
        force_authn: true
        authn_context: [ "https://refeds.org/profile/mfa" ]

    - id: exam-extern
      rules:
        - type: Requester
          value: "https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam"
      allowed:
        - eduPersonScopedAffiliation
        - cn
        - givenName
        - sn
        - mail
        - uid
        - eduPersonAffiliation
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - displayName

    - id: ubg-alma
      rules:
        - type: Requester
          value: "https://obv-at-ubg.alma.exlibrisgroup.com/mng/login"
      allowed:
        - eduPersonScopedAffiliation
        - schacHomeOrganization
        - mail
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - givenName
        - displayName
        - sn
        - PMidentNr

    # NOTE(review): the Requester value and the allowed list are identical to
    # the exam-extern policy; only the id differs. This looks like a
    # copy-paste whose entityID was never replaced, so as written the entry
    # does not match a separate HARICA service provider. Confirm the intended
    # entityID and attribute set.
    - id: harica
      rules:
        - type: Requester
          value: "https://exam-extern.uni-graz.at/sso/module.php/saml/sp/metadata.php/exam"
      allowed:
        - eduPersonScopedAffiliation
        - cn
        - givenName
        - sn
        - mail
        - uid
        - eduPersonAffiliation
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - displayName

    # Catch-all: rule type ANY presumably matches every requester.
    # NOTE(review): this list holds name, mail and persistent identifiers, so
    # an SP with no specific policy would still receive them. If policies are
    # cumulative rather than first-match, every SP gets at least this set.
    # Confirm that fits the data-minimisation requirements.
    - id: default
      rules:
        - type: ANY
      allowed:
        - eduPersonScopedAffiliation
        - schacHomeOrganization
        - mail
        - eduPersonPrincipalName
        - eduPersonTargetedID
        - givenName
        - displayName
        - sn