Rozdiely

Tu môžete vidieť rozdiely medzi vybranou verziou a aktuálnou verziou danej stránky.

Odkaz na tento prehľad zmien

Obojstranná predošlá revízia Predchádzajúca revízia
Nasledujúca revízia		 Predchádzajúca revízia
install:idp:idp:attribute-filter [25. 11. 2022 11:15] mstanislav@umb.skinstall:idp:idp:attribute-filter [08. 12. 2025 09:02] (aktuálne) mstanislav@umb.sk
Riadok 18: Riadok 18:
       <AttributeRule attributeID="cn" permitAny="true" />       <AttributeRule attributeID="cn" permitAny="true" />
       <AttributeRule attributeID="mail" permitAny="true" />       <AttributeRule attributeID="mail" permitAny="true" />
 +      <AttributeRule attributeID="eduPersonAssurance" permitAny="true" />
       <AttributeRule attributeID="eduPersonAffiliation" permitAny="true" />       <AttributeRule attributeID="eduPersonAffiliation" permitAny="true" />
       <AttributeRule attributeID="eduPersonPrincipalName" permitAny="true" />       <AttributeRule attributeID="eduPersonPrincipalName" permitAny="true" />
Riadok 75: Riadok 76:
         NameID is recommended, though. As is releasing givenName+sn         NameID is recommended, though. As is releasing givenName+sn
         in addition to displayName, to help with interoperability. -->         in addition to displayName, to help with interoperability. -->
 +      <AttributeRule attributeID="eduPersonAssurance" permitAny="true" />
       <AttributeRule attributeID="eduPersonPrincipalName" permitAny="true" />       <AttributeRule attributeID="eduPersonPrincipalName" permitAny="true" />
       <AttributeRule attributeID="eduPersonTargetedID" permitAny="true" />       <AttributeRule attributeID="eduPersonTargetedID" permitAny="true" />
Riadok 96: Riadok 98:
     </AttributeFilterPolicy>     </AttributeFilterPolicy>
  
-    <!-- GEANT & REFEDS Data protection Code of Conduct -->+    <!-- GEANT Data protection Code of Conduct or REFEDS Data Protection Code of Conduct Entity Category -->
     <!-- Release data to EU/EEA/Adequate CoCo-SPs, based on RequestedAttributes in SAML metadata -->     <!-- Release data to EU/EEA/Adequate CoCo-SPs, based on RequestedAttributes in SAML metadata -->
     <AttributeFilterPolicy id="GeantEEADataProtectionCodeOfConduct">     <AttributeFilterPolicy id="GeantEEADataProtectionCodeOfConduct">
Riadok 121: Riadok 123:
         </AttributeRule>         </AttributeRule>
         <AttributeRule attributeID="mail">         <AttributeRule attributeID="mail">
 +            <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
 +        </AttributeRule>
 +        <AttributeRule attributeID="eduPersonAssurance">
             <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />             <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
         </AttributeRule>         </AttributeRule>
Riadok 196: Riadok 201:
     </AttributeFilterPolicy>     </AttributeFilterPolicy>
  
-    <!-- Fallback attribute release to anyone -->+    <!-- Release to anyone requesting ePSA, sHO -->
     <!-- Adjust the list to match a local privacy policy -->     <!-- Adjust the list to match a local privacy policy -->
-    <AttributeFilterPolicy id="DataToAnyServiceViaTrustedMetadata"> +    <AttributeFilterPolicy id="releaseToAnyoneRequesting"> 
-      <PolicyRequirementRule xsi:type="ANY"/> +      <PolicyRequirementRule xsi:type="ANY" /> 
-      <AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" /> + 
-      <AttributeRule attributeID="schacHomeOrganization" permitAny="true" />+      <AttributeRule attributeID="eduPersonScopedAffiliation"
 +          <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /
 +      </AttributeRule
 +      <AttributeRule attributeID="schacHomeOrganization"
 +          <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" /
 +      </AttributeRule>
     </AttributeFilterPolicy>     </AttributeFilterPolicy>
  
-    <!--  Release the transient ID to anyone -->+    <!--  transient ID release is enabled by default  --> 
 +    <!--
     <AttributeFilterPolicy id="releaseTransientIdToAnyone">     <AttributeFilterPolicy id="releaseTransientIdToAnyone">
         <PolicyRequirementRule xsi:type="ANY" />         <PolicyRequirementRule xsi:type="ANY" />
Riadok 212: Riadok 223:
         </AttributeRule>         </AttributeRule>
     </AttributeFilterPolicy>     </AttributeFilterPolicy>
-    +    --> 
 </AttributeFilterPolicyGroup> </AttributeFilterPolicyGroup>
 </code> </code>
  • install/idp/idp/attribute-filter.1669371326
  • Posledná úprava: 07. 04. 2025 11:56