1. Create the file /etc/freeradius/policy.d/moonshot (on RHEL platforms, /etc/raddb/policy.d/moonshot) with the following contents, replacing [your realm here] with your realm:

    moonshot_saml {
        if (Realm == '[your realm here]') {
            update reply {
                SAML-AAA-Assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2011-03-19T08:30:00Z" ID="foo" Version="2.0">'
                SAML-AAA-Assertion += '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
                SAML-AAA-Assertion += '<saml:AttributeStatement>'
                SAML-AAA-Assertion += '<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
                SAML-AAA-Assertion += '</saml:AttributeStatement>'
                SAML-AAA-Assertion += '</saml:Assertion>'
            }
        }
    }

Camford University's SAML assertion would look like this:

    moonshot_saml {
        if (Realm == 'camford.ac.uk') {
            update reply {
                SAML-AAA-Assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2011-03-19T08:30:00Z" ID="foo" Version="2.0">'
                SAML-AAA-Assertion += '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
                SAML-AAA-Assertion += '<saml:AttributeStatement>'
                SAML-AAA-Assertion += '<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
                SAML-AAA-Assertion += '</saml:AttributeStatement>'
                SAML-AAA-Assertion += '</saml:Assertion>'
            }
        }
    }

2. In /etc/freeradius/sites-enabled/abfab-tr-idp, find the post-auth section. At the top, immediately below the "post-auth {" line, insert the following:

    post-auth {
            moonshot_saml
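
To check the policy from step 1 before reloading FreeRADIUS, this added example (not part of the original instructions) joins the SAML-AAA-Assertion fragments for one realm and confirms they form well-formed XML carrying the expected issuer and attribute. It assumes the fragments are concatenated in file order; the function names are hypothetical, and the embedded policy is the Camford example above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# The Camford policy from step 1, embedded so the check runs offline.
POLICY = r"""
moonshot_saml {
    if (Realm == 'camford.ac.uk') {
        update reply {
            SAML-AAA-Assertion = '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" IssueInstant="2011-03-19T08:30:00Z" ID="foo" Version="2.0">'
            SAML-AAA-Assertion += '<saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer>'
            SAML-AAA-Assertion += '<saml:AttributeStatement>'
            SAML-AAA-Assertion += '<saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute>'
            SAML-AAA-Assertion += '</saml:AttributeStatement>'
            SAML-AAA-Assertion += '</saml:Assertion>'
        }
    }
}
"""

REALM_RE = re.compile(r"if\s*\(\s*&?Realm\s*==\s*'([^']*)'\s*\)")
FRAG_RE = re.compile(r"SAML-AAA-Assertion\s*\+?=\s*'(.*)'\s*$")

def assemble_assertion(policy_text, realm):
    """Join the fragments set for one realm, in file order (assumed behaviour)."""
    current, parts = None, []
    for line in policy_text.splitlines():
        m = REALM_RE.search(line)
        if m:
            current = m.group(1)      # fragments below belong to this realm
            continue
        m = FRAG_RE.search(line)
        if m and current == realm:
            parts.append(m.group(1))
    return "".join(parts)

def check_assertion(xml_text):
    """Parse the assembled value; raises ET.ParseError if it is not well-formed."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("root element is not saml:Assertion")
    attrs = {}
    for a in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS), "attributes": attrs}

if __name__ == "__main__":
    print(check_assertion(assemble_assertion(POLICY, "camford.ac.uk")))
```

A missing closing tag or an unbalanced quote in any fragment surfaces as an `ET.ParseError` here rather than as a failed authentication later.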