Versions Compared

Old Version 5

changes.mady.by.user Ian Young

Saved on

compared with

New Version 6

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This rule releases any value of the eduPersonAffiliation attribute to any service provider

Code Block
xml
xml
<Rule>
	<Description>eduPersonAffiliation release to anyone</Description>
	<Target>
		<AnyTarget/>
	</Target>

	<Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
		<AnyValue release="permit"/>
	</Attribute>
</Rule>

This rule releases most group values, but not administrative ones, to service providers from Brown University

Code Block
xml
xml
<Rule>
	<Description>Non-adminstrative groups released to Brown</Description>
	<Target>
		<Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
			  *$brown.edu
		 </Requester>
	 </Target>

	<Attribute name="memberOf">
		<Value release="deny" matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
			 ^urn:mace:example.org:group:admin:*
		 </Value>
	</Attribute>
</Rule>

...