projects / shibboleth / cpp-sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SSPCPP-677 - Filter schacHomeOrganization values against shibmd:Scope
[shibboleth/cpp-sp.git] / configs / attribute-policy.xml
diff --git a/configs/attribute-policy.xml b/configs/attribute-policy.xml
index a2d1742..ba0449f 100644 (file)
--- a/configs/attribute-policy.xml
+++ b/configs/attribute-policy.xml
@@ -58,6 +58,11 @@
         <afp:AttributeRule attributeID="persistent-id">
             <afp:PermitValueRule xsi:type="saml:NameIDQualifierString"/>
         </afp:AttributeRule>
+        
+        <!-- Enforce that the values of schacHomeOrganization are a valid Scope. -->
+        <afp:AttributeRule attributeID="schacHomeOrganization">
+            <afp:PermitValueRule xsi:type="saml:AttributeValueMatchesShibMDScope" />
+        </afp:AttributeRule>
 
         <!-- Catch-all that passes everything else through unmolested. -->
         <afp:AttributeRule attributeID="*">
Unnamed repository; edit this file 'description' to name the repository.