Versions Compared

Old Version 8

changes.mady.by.user trscavo@ncsa.illinois.edu

Saved on

compared with

New Version 9

changes.mady.by.user trscavo@ncsa.illinois.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The <AttributeFilterScript> element contains a script (or a reference to a script) that implements that ultimately applies an implementation of Predicate<Attribute> to a given entity attribute.

Note
titleSoftware version requirement
This feature requires IdP V3.4 or later.

The <AttributeFilterScript> element implicitly iterates over all entity attributes in the input streammetadata pipeline. For each entity attribute, the entity attribute is removed from the input stream if (and only if) the predicate evaluates to false.

...

Insert excerpt
ScriptTypeConfiguration
ScriptTypeConfiguration
nopaneltrue

Examples

The following examples assume the default JavaScript language.

...

Script Context

A script contained by an <AttributeFilterScript> element has access to an object called input by convention. The actual input argument is an instance of a class that implements the Attribute interface.

If the customObjectRef attribute is present on the <AttributeFilterScript> element, the result of the referenced Spring bean is made available to the script via a second object called custom. The type of the custom object is determined by the Spring bean.

Examples

If the customObjectRef attribute is not present on the <AttributeFilterScript> element, the script operates on a single input argument. The following trivial implementation of Predicate<Attribute> always returns false regardless of the input argument:

Code Block
languagexml
titleAn A trivial implementation of Predicate<Attribute>
<AttributeFilterScript><ConditionScript>
    <Script>
    <![CDATA[
        "use strict";

        // A Antrivial implementation of Predicate<Attribute>
        // applied to the input argument
        //
        // The input argument is of type:
        // org.opensaml.saml.saml2.core.Attribute
        //
        (function (attribute) {
            "use strict";

            // do not remove the entity attribute
            if (attribute === null) { return true; }

            // implement the predicate here...
        false; }(input));
    ]]>
    </Script>
</AttributeFilterScript>ConditionScript>

The actual input argument is an instance of a class that implements the Attribute interface. The formal parameter name is arbitrary.  In In the previous example, the parameter name attribute is used for clarity. A nontrivial script would depend on the formal parameter attribute.