new: examples/filter_attributes: enforce scope on scoped attributes

vladimir-mencl-eresearch · vladimir-mencl-eresearch · commit f7fcadff16ae · 2023-03-15T13:54:07.000+13:00
(and also enforce scoping rules on schacHomeOrganization value)
diff --git a/example/plugins/microservices/filter_attributes.yaml.example b/example/plugins/microservices/filter_attributes.yaml.example
@@ -6,10 +6,20 @@ config:
         "":
             # default rules for any requester
             "":
-                # enforce controlled vocabulary
+                # enforce controlled vocabulary (via simple notation)
                 eduPersonAffiliation: "^(faculty|student|staff|alum|member|affiliate|employee|library-walk-in)$"
                 eduPersonPrimaryAffiliation: "^(faculty|student|staff|alum|member|affiliate|employee|library-walk-in)$"
-                eduPersonScopedAffiliation: "^(faculty|student|staff|alum|member|affiliate|employee|library-walk-in)@"
+                eduPersonScopedAffiliation:
+                    # enforce controlled vocabulary (via extended notation)
+                    regexp: "^(faculty|student|staff|alum|member|affiliate|employee|library-walk-in)@"
+                    # enforce correct scope
+                    shibmdscope_match_scope:
+                eduPersonPrincipalName:
+                    # enforce correct scope
+                    shibmdscope_match_scope:
+                schacHomeOrganization:
+                    # enforce scoping rule on attribute value
+                    shibmdscope_match_value:
 
         target_provider1:
             requester1:
