...
This rule releases any value of the eduPersonAffiliation attribute to any service provider
Code Block | ||||
---|---|---|---|---|
| ||||
<Rule> <Description>eduPersonAffiliation release to anyone</Description> <Target> <AnyTarget/> </Target> <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation"> <AnyValue release="permit"/> </Attribute> </Rule> |
This rule releases most group values, but not administrative ones, to service providers from Brown University
Code Block | ||||
---|---|---|---|---|
| ||||
<Rule> <Description>Non-adminstrative groups released to Brown</Description> <Target> <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch"> *$brown.edu </Requester> </Target> <Attribute name="memberOf"> <Value release="deny" matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch"> ^urn:mace:example.org:group:admin:* </Value> </Attribute> </Rule> |
...