| <?xml version="1.0" encoding="UTF-8"?>
 | |
| <!-- 
 | |
| This file is a rudimentary example. While it is semi-functional, it isn't very
 | |
| interesting. It is here only as a starting point for your deployment process
 | |
| to avoid any dependency on components like an LDAP directory.
 | |
| 
 | |
| Very few attribute definitions and data connectors are demonstrated, and the
 | |
| data is derived statically from the logged-in username and a static example
 | |
| connector.
 | |
| 
 | |
| The file(s) in the examples directory contain more examples that involve more
 | |
| complex approaches. Deployers should refer to the documentation for a complete
 | |
| list of possible components and their options.
 | |
| -->
 | |
| <AttributeResolver
 | |
|         xmlns="urn:mace:shibboleth:2.0:resolver" 
 | |
|         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 | |
|         xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
 | |
| 
 | |
| 
 | |
|     <!-- ========================================== -->
 | |
|     <!--      Attribute Definitions                 -->
 | |
|     <!-- ========================================== -->
 | |
| 
 | |
|     <!--
 | |
|     The EPPN is the "standard" federated username in higher ed.
 | |
|     For guidelines on the implementation of this attribute, refer
 | |
|     to the Shibboleth and eduPerson documentation. Above all, do
 | |
|     not expose a value for this attribute without considering the
 | |
|     long term implications.
 | |
| 
 | |
|     This definition builds the value from the local uid plus the
 | |
|     %{idp.scope} property, so it is only as stable and as unique
 | |
|     as uid is.
 | |
|     NOTE(review): if local usernames can be renamed or reassigned,
 | |
|     a relying party may link the new holder to the previous
 | |
|     holder's account. Confirm the username lifecycle before
 | |
|     releasing this attribute.
 | |
|     -->
 | |
|     <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
 | |
|         <InputAttributeDefinition ref="uid" />
 | |
|     </AttributeDefinition>
 | |
| 
 | |
|     <!--
 | |
|     The uid is the closest thing to a "standard" LDAP attribute
 | |
|     representing a local username, but you should generally *never*
 | |
|     expose uid to federated services, as it is rarely globally unique.
 | |
| 
 | |
|     In this file uid is not read from LDAP: the PrincipalName type
 | |
|     presumably takes it from the logged-in username, as the file
 | |
|     header describes. It is referenced as an input by the
 | |
|     eduPersonPrincipalName and mail definitions.
 | |
|     NOTE(review): whether uid itself reaches a relying party is
 | |
|     decided by the attribute filter policy, which is not part of
 | |
|     this file. If it is needed only as an input, consider marking
 | |
|     it dependencyOnly="true" so it cannot be released by mistake.
 | |
|     -->
 | |
|     <AttributeDefinition id="uid" xsi:type="PrincipalName" />
 | |
| 
 | |
|     <!--
 | |
|     In the rest of the world, the email address is the standard identifier,
 | |
|     despite the problems with that practice. Consider making the EPPN
 | |
|     value the same as your official email addresses whenever possible.
 | |
| 
 | |
|     The template below synthesizes the address from uid and the
 | |
|     placeholder domain example.org; nothing is looked up in a mail
 | |
|     system, so the result is not a verified mailbox.
 | |
|     NOTE(review): replace the domain, or source mail from a real
 | |
|     data connector, before releasing this attribute. Relying parties
 | |
|     that match accounts or send password resets by mail would
 | |
|     otherwise act on an address the user may not control.
 | |
|     -->
 | |
|     <AttributeDefinition id="mail" xsi:type="Template">
 | |
|         <InputAttributeDefinition ref="uid" />
 | |
|         <Template>
 | |
|           <![CDATA[
 | |
|                ${uid}@example.org
 | |
|           ]]>
 | |
|         </Template>
 | |
|     </AttributeDefinition>
 | |
| 
 | |
|     <!--
 | |
|     This is an example of an attribute sourced from a data connector.
 | |
| 
 | |
|     It reads the affiliation attribute from the staticAttributes
 | |
|     connector and appends the %{idp.scope} property as the scope.
 | |
|     The connector supplies the fixed value "member", so every user
 | |
|     who resolves this attribute gets the same affiliation.
 | |
|     NOTE(review): services that authorize on affiliation would treat
 | |
|     every login as a member. Source the value from real identity
 | |
|     data before releasing it outside a test setup.
 | |
|     -->
 | |
|     <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
 | |
|         <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
 | |
|     </AttributeDefinition>
 | |
| 
 | |
| 
 | |
|     <!-- ========================================== -->
 | |
|     <!--      Data Connectors                       -->
 | |
|     <!-- ========================================== -->
 | |
| 
 | |
|     <!--
 | |
|     Static connector: returns the same two attributes for every
 | |
|     user, with no lookup against a directory or database.
 | |
| 
 | |
|     schacHomeOrganization is listed in exportAttributes, which per
 | |
|     the Shibboleth resolver documentation exposes it as a resolved
 | |
|     attribute without a separate AttributeDefinition. affiliation is
 | |
|     not exported; it is consumed only through the InputDataConnector
 | |
|     reference in eduPersonScopedAffiliation.
 | |
|     NOTE(review): both values are identical for all users, so they
 | |
|     carry no per-user assurance. Release of exported attributes is
 | |
|     presumably still subject to the attribute filter policy, which
 | |
|     is not part of this file.
 | |
|     -->
 | |
|     <DataConnector id="staticAttributes" xsi:type="Static" exportAttributes="schacHomeOrganization">
 | |
|         <Attribute id="schacHomeOrganization">
 | |
|             <Value>%{idp.scope}</Value>
 | |
|         </Attribute>
 | |
|         <Attribute id="affiliation">
 | |
|             <Value>member</Value>
 | |
|         </Attribute>
 | |
|     </DataConnector>
 | |
| 
 | |
| </AttributeResolver>
 | 
