The following example is the ARP (attribute release policy) used by the OhioLINK staff IdP. It releases the eduPersonPrincipalName attribute only to the OhioLINK servers and Internet2.
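<?xml version="1.0" encoding="UTF-8"?>
<!--
  Attribute release policy (ARP) for the OhioLINK staff IdP.
  Two rules, each permitting release of any value of
  eduPersonPrincipalName:
    1. to requesters whose identifier matches the ohiolink.edu pattern;
    2. to the single identifier https://spaces.internet2.edu/shibboleth.
  No other rule or attribute appears in this file.
-->
<AttributeReleasePolicy
    xmlns="urn:mace:shibboleth:arp:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd">

  <Description>OhioLINK Staff ARP</Description>

  <Rule>
    <!--
      Rule 1: OhioLINK service providers, matched by regular expression.
      The host part is limited to hostname characters ([A-Za-z0-9.-]+).
      The earlier pattern used ".+" there, which also matches "/", so an
      identifier carrying ".ohiolink.edu/shibboleth" in its path rather
      than in its host name satisfied the rule as well.
      NOTE(review): how far that mattered depends on which requester
      identifiers the IdP's trusted metadata admits; confirm against the
      deployment. Also confirm that regexMatch tests the whole identifier
      and not a substring.
    -->
    <Target>
      <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">
        https://[A-Za-z0-9.-]+\.ohiolink\.edu/shibboleth
      </Requester>
    </Target>
    <!-- Every value of the attribute is released to a matching requester. -->
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
      <AnyValue release="permit"/>
    </Attribute>
  </Rule>

  <Rule>
    <!--
      Rule 2: one requester, named by its full identifier.
      NOTE(review): exactShar is presumably an exact string comparison;
      confirm against the IdP version in use.
    -->
    <Target>
      <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:exactShar">
        https://spaces.internet2.edu/shibboleth
      </Requester>
    </Target>
    <!-- Same attribute and same any-value release as rule 1. -->
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
      <AnyValue release="permit"/>
    </Attribute>
  </Rule>

</AttributeReleasePolicy>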