bradleybeddoes/aaf-attribute-filter.xml

## aaf-attribute-filter.xml
<?xml version="1.0" encoding="UTF-8"?>
<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
  xmlns:afp="urn:mace:shibboleth:2.0:afp"
  xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
  xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
                      urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
                      urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">

  <afp:AttributeFilterPolicy id="aaf.edu.au">
      <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup"
                                 groupID="aaf.edu.au" />

      <afp:AttributeRule attributeID="persistentID">
        <afp:PermitValueRule xsi:type="basic:ANY"/>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="transientId">
        <afp:PermitValueRule xsi:type="basic:ANY"/>
      </afp:AttributeRule>

      <!-- Core AAF Attributes -->
      <afp:AttributeRule attributeID="email">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:0.9.2342.19200300.100.1.3"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="displayName">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:2.16.840.1.113730.3.1.241"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="commonName">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:2.5.4.3"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="eduPersonTargetedID">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="auEduPersonSharedToken">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.27856.1.2.5"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="organizationName">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:2.5.4.10"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="eduPersonEntitlement">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="eduPersonAssurance">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.11"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="eduPersonAffiliation">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="eduPersonScopedAffiliation">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <!-- Optional AAF Attributes -->
      <afp:AttributeRule attributeID="givenName">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:2.5.4.42"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="surname">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:2.5.4.4"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="homeOrganizationType">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.25178.1.2.10"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

      <afp:AttributeRule attributeID="homeOrganization">
          <afp:PermitValueRule xsi:type="basic:OR">
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              onlyIfRequired="false"/>
                  <basic:Rule xsi:type="saml:AttributeInMetadata"
                              attributeName="urn:oid:1.3.6.1.4.1.25178.1.2.9"
                              onlyIfRequired="false"/>
          </afp:PermitValueRule>
      </afp:AttributeRule>

    </afp:AttributeFilterPolicy>
</afp:AttributeFilterPolicyGroup>
	<?xml version="1.0" encoding="UTF-8"?>
	<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
	xmlns:afp="urn:mace:shibboleth:2.0:afp"
	xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
	xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="urn:mace:shibboleth:2.0:afp classpath:/schema/shibboleth-2.0-afp.xsd
	urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd
	urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">

	<afp:AttributeFilterPolicy id="aaf.edu.au">
	<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterInEntityGroup"
	groupID="aaf.edu.au" />

	<afp:AttributeRule attributeID="persistentID">
	<afp:PermitValueRule xsi:type="basic:ANY"/>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="transientId">
	<afp:PermitValueRule xsi:type="basic:ANY"/>
	</afp:AttributeRule>

	<!-- Core AAF Attributes -->
	<afp:AttributeRule attributeID="email">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:0.9.2342.19200300.100.1.3"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="displayName">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:2.16.840.1.113730.3.1.241"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="commonName">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:2.5.4.3"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="eduPersonTargetedID">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="auEduPersonSharedToken">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.27856.1.2.5"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="organizationName">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:2.5.4.10"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="eduPersonEntitlement">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="eduPersonAssurance">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.11"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="eduPersonAffiliation">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="eduPersonScopedAffiliation">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<!-- Optional AAF Attributes -->
	<afp:AttributeRule attributeID="givenName">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:2.5.4.42"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="surname">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:2.5.4.4"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="homeOrganizationType">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.25178.1.2.10"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	<afp:AttributeRule attributeID="homeOrganization">
	<afp:PermitValueRule xsi:type="basic:OR">
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	onlyIfRequired="false"/>
	<basic:Rule xsi:type="saml:AttributeInMetadata"
	attributeName="urn:oid:1.3.6.1.4.1.25178.1.2.9"
	onlyIfRequired="false"/>
	</afp:PermitValueRule>
	</afp:AttributeRule>

	</afp:AttributeFilterPolicy>
	</afp:AttributeFilterPolicyGroup>