From 933cd4c41181368677ed38ccb290d8c7f32d7fbc Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Tue, 27 Oct 2020 10:22:12 +0100
Subject: [PATCH] sample ac for emg, save work

---
 shibauth/etc-httpd/conf.d/sp.conf          | 7 ++++---
 shibauth/shibboleth-conf/attribute-map.xml | 5 ++---
 shibauth/shibboleth-conf/pass-ac.xml       | 9 +++++++++
 3 files changed, 15 insertions(+), 6 deletions(-)
 create mode 100644 shibauth/shibboleth-conf/pass-ac.xml

diff --git a/shibauth/etc-httpd/conf.d/sp.conf b/shibauth/etc-httpd/conf.d/sp.conf
index edfa7e84..ad617192 100755
--- a/shibauth/etc-httpd/conf.d/sp.conf
+++ b/shibauth/etc-httpd/conf.d/sp.conf
@@ -1,12 +1,13 @@
 <VirtualHost *:80>
-    ServerName https://emg.pdas.prism.eox.at:443
+    ServerName PassEnv APACHE_SERVERNAME
     UseCanonicalName On
 
     DocumentRoot "/var/www/html"
     <Location /secure>
       AuthType shibboleth
       ShibRequestSetting requireSession 1
-      require shib-session
-      RequestHeader set Referer X-Forwarded-Uri env=X-Forwarded-Uri
+      ShibAccessControl /etc/shibboleth/pass-ac.xml
+      RequestHeader set Referer "%{X-Forwarded-Uri}e"
+      Header set Referer "%{X-Forwarded-Uri}e"
     </Location>
 </VirtualHost>
\ No newline at end of file
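Review bot: `ServerName PassEnv APACHE_SERVERNAME` gives two arguments to a directive that takes one, so httpd should reject the configuration at startup; `PassEnv` is a separate directive and does not expand a variable here. If the intent is to read the name from the environment, the usual form is `ServerName ${APACHE_SERVERNAME}`. Because `UseCanonicalName On` makes this value the basis of self-referential URLs, the variable should carry the same scheme and port the old literal had. Separately, `require shib-session` is removed with no `Require` line replacing it; on Apache 2.4 it is worth confirming that the `ShibAccessControl` policy is still enforced for `/secure` without one, since I believe the SP's Apache documentation uses `Require shibboleth` as the placeholder rule for this case. The added `Header set Referer` writes a response header, which looks unintended next to the `RequestHeader` line.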
diff --git a/shibauth/shibboleth-conf/attribute-map.xml b/shibauth/shibboleth-conf/attribute-map.xml
index e9e9797a..d20c5140 100755
--- a/shibauth/shibboleth-conf/attribute-map.xml
+++ b/shibauth/shibboleth-conf/attribute-map.xml
@@ -1,5 +1,4 @@
 <Attributes xmlns="urn:mace:shibboleth:2.0:attribute-map" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-    <Attribute name="urn:oid:0.9.2342.19200300.100.1.1" id="uid" />
-    <Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
-    <Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
+    <Attribute name="urn:mace:dir:attribute-def:cds-spci-es_oa-signed-tcs" id="spField1" />
+    <Attribute name="urn:mace:dir:attribute-def:cds-spci-es_oa-user-category" id="spField2"/>
 </Attributes>
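Review bot: The ids `spField1` and `spField2` do not say what they carry, yet the new pass-ac.xml grants access based on them. Either give them descriptive ids (updating pass-ac.xml to match) or add a comment above each mapping, for example `<!-- signed terms and conditions, checked in pass-ac.xml -->` and `<!-- user category, checked in pass-ac.xml -->`; those meanings are inferred from the attribute names and should be confirmed. The same hunk drops the `uid`, `displayName` and `mail` mappings, so anything outside this patch that still reads those ids (a REMOTE_USER setting, an application behind the proxy) would no longer receive them; that cannot be checked from the lines shown.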
diff --git a/shibauth/shibboleth-conf/pass-ac.xml b/shibauth/shibboleth-conf/pass-ac.xml
new file mode 100644
index 00000000..13465660
--- /dev/null
+++ b/shibauth/shibboleth-conf/pass-ac.xml
@@ -0,0 +1,9 @@
+<AccessControl
+type="edu.internet2.middleware.shibboleth.sp.provider.XMLAccessControl">
+  <AND>
+    <Rule require="spField2">
+      Copernicus_Services Union_Inst Union_Research_Projects_space Union_Research_Projects_non-space Public_Auth
+    </Rule>
+    <RuleRegex require="spField1">.+</RuleRegex>
+  </AND>
+</AccessControl>
\ No newline at end of file
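Review bot: `<RuleRegex require="spField1">.+</RuleRegex>` accepts any non-empty value, so if the identity provider ever sends the signed-T&C attribute with a negative value (a literal false, for instance) the rule still passes and access is granted. Matching the accepted value explicitly would close that gap, e.g. `<RuleRegex require="spField1">^ACCEPTED_VALUE$</RuleRegex>`, where ACCEPTED_VALUE is a placeholder for whatever the IdP sends on acceptance. A short XML comment at the top stating the policy (user category in the listed set AND terms signed) would also help, since the `spField` ids alone do not explain it.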
-- 
GitLab