<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!--
    Master list of intercept flows. Intercept flows hook into various injection
    points to modify processing. Listing a flow here only makes it available;
    a flow is actually enabled by naming it in a profile configuration bean in
    relying-party.xml.

    This list is merged with a built-in set defined in a system configuration
    file. It may be empty, but should not be removed. Custom flows must be
    added to this list.

    How the three consent-related flows below are selected (read off the
    condition beans in this file):
      intercept/attribute-must     active when attribute_must_cond is true
      intercept/attribute-info     active when attribute_info_cond is true
      intercept/attribute-release  active when neither of the two is true
    A request that matches no category therefore falls back to the regular
    attribute-release flow, provided that flow is enabled for the profile.
    The definitions of the attribute-info and attribute-must flows are not
    part of this file; both reuse the shibboleth.consent.AttributeReleaseFlow
    parent bean.
    -->
    <bean id="shibboleth.AvailableInterceptFlows"
          parent="shibboleth.DefaultInterceptFlows"
          lazy-init="true">
        <property name="sourceList">
            <list merge="true">
                <bean id="intercept/context-check" parent="shibboleth.InterceptFlow" />
                <bean id="intercept/expiring-password" parent="shibboleth.InterceptFlow" />
                <bean id="intercept/terms-of-use" parent="shibboleth.consent.TermsOfUseFlow" />
                <bean id="intercept/attribute-release"
                      parent="shibboleth.consent.AttributeReleaseFlow"
                      p:activationCondition-ref="attribute_release_cond" />
                <bean id="intercept/attribute-info"
                      parent="shibboleth.consent.AttributeReleaseFlow"
                      p:activationCondition-ref="attribute_info_cond" />
                <bean id="intercept/attribute-must"
                      parent="shibboleth.consent.AttributeReleaseFlow"
                      p:activationCondition-ref="attribute_must_cond" />
            </list>
        </property>
    </bean>

    <!--
    Category "must": necessary services, GDPR (DSGVO) Art. 88.
    attribute_must_cond requires BOTH the user predicate and the SP match.
    -->

    <!--
    User side of the "must" category: matches on eduPersonAffiliation = staff.
    In production this will most likely test membership in a user group
    instead, e.g. via ou.
    useUnfilteredAttributes=true: presumably the check runs on the attribute
    set before the attribute filter policy is applied, so it does not depend
    on the attribute being released to the SP; confirm for the deployed IdP
    version.
    -->
    <bean id="attribute_must_users"
          class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate">
        <property name="useUnfilteredAttributes" value="true" />
        <property name="attributeValueMap">
            <map>
                <entry key="eduPersonAffiliation">
                    <list>
                        <value>staff</value>
                    </list>
                </entry>
            </map>
        </property>
    </bean>

    <!--
    SP side of the "must" category: enter the entity IDs of the SPs that fall
    into it. The entry below looks like a DFN-AAI test SP; replace it with the
    real entity IDs before production use.
    NOTE(review): every entity ID added here takes the regular
    attribute-release flow away from matching staff users, so treat changes to
    this list as a data-protection decision and review them accordingly.
    -->
    <bean id="attribute_must_sps" parent="shibboleth.Conditions.RelyingPartyId">
        <constructor-arg name="candidates">
            <list>
                <value>https://testsp.aai.dfn.de/shibboleth</value>
            </list>
        </constructor-arg>
    </bean>

    <bean id="attribute_must_cond" parent="shibboleth.Conditions.AND">
        <constructor-arg>
            <list>
                <ref bean="attribute_must_users" />
                <ref bean="attribute_must_sps" />
            </list>
        </constructor-arg>
    </bean>

    <!--
    Category "info": useful services, GDPR (DSGVO) Art. 6(1)(e) or (f).
    attribute_info_cond requires BOTH the user predicate and the SP match.
    -->

    <!--
    User side of the "info" category: matches on eduPersonAffiliation = staff.
    In production this will most likely test membership in a user group
    instead, e.g. via ou.
    -->
    <bean id="attribute_info_users"
          class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate">
        <property name="useUnfilteredAttributes" value="true" />
        <property name="attributeValueMap">
            <map>
                <entry key="eduPersonAffiliation">
                    <list>
                        <value>staff</value>
                    </list>
                </entry>
            </map>
        </property>
    </bean>

    <!--
    SP side of the "info" category: enter the entity IDs of the SPs that fall
    into it. The entry below looks like a DFN-AAI test SP; replace it with the
    real entity IDs before production use.
    NOTE(review): both user predicates currently match the same value, so an
    entity ID listed here AND in attribute_must_sps would make both category
    conditions true for a staff user. Keep the two lists disjoint unless that
    is intended.
    -->
    <bean id="attribute_info_sps" parent="shibboleth.Conditions.RelyingPartyId">
        <constructor-arg name="candidates">
            <list>
                <value>https://testsp3.aai.dfn.de/shibboleth</value>
            </list>
        </constructor-arg>
    </bean>

    <bean id="attribute_info_cond" parent="shibboleth.Conditions.AND">
        <constructor-arg>
            <list>
                <ref bean="attribute_info_users" />
                <ref bean="attribute_info_sps" />
            </list>
        </constructor-arg>
    </bean>

    <!--
    Default case: NOT (attribute_info_cond OR attribute_must_cond).
    Users who are not matched by a user predicate, and SPs that are in neither
    list, end up here and get the regular attribute-release flow. A typo in an
    entity ID above therefore falls back to this flow rather than skipping it.
    -->
    <bean id="attribute_release_cond" parent="shibboleth.Conditions.NOT">
        <constructor-arg>
            <list>
                <bean parent="shibboleth.Conditions.OR">
                    <constructor-arg>
                        <list>
                            <ref bean="attribute_info_cond" />
                            <ref bean="attribute_must_cond" />
                        </list>
                    </constructor-arg>
                </bean>
            </list>
        </constructor-arg>
    </bean>

</beans>