Versions Compared

Version Old Version 9 New Version 10
Changes made by

Rod Widdowson

Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Property

Description

encoder

An HTMLEncoder, allows safe HTML encoding of various types. This is further described under HtmlEncoder.

cspDigester 5.1

A StringDigester configured to produce base64-encoded SHA-256 hashes, suitable for use in generating CSP hashes

cspNonce 5.1

An IdentifierGenerationStrategy that produces nonces suitable for use with CSP

profileRequestContext

A ProfileRequestContext, primarily used to locate subsidiary contexts:
#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.profile.context.RelyingPartyContext'))
This is an advanced topic and out of scope for this page.

environment

The Spring Environment (javadoc here). This will be most frequently used to resolve properties (defined in idp.properties or other files), by calling the getProperty method. For instance
environment.getProperty("idp.whatever", "default")

request

The HttpServletRequest.

response

The HttpServletResponse

flowRequestContext

The Spring Web Flow RequestContext (javadoc here). This is an advanced topic and out of scope for this page.

flowExecutionUrl

The URL to redirect to in order to advance the flow (you’ll see this in form actions, typically)

springMacroRequestContext

A help context supplied by Spring. Primarily used to render language specific resources from the message bundles. For instance
$springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred."))

custom

The Spring bean named shibboleth.CustomViewContext. This can be whatever you define it to be (in global.xml). That bean and its content should be treated as immutable.

attributeHelper

A bean named shibboleth.AttributeHelper. By default this is of type AttributeHelper but this can be set to be any bean via the property name idp.attribute.helper.

Variables Available to Password Login View

...

Property

Description

rpUIContext

RelyingPartyUIContext object. This object allows language sensitive rendering of specific information about the relying party (logos and so forth). This is described further here.

attributeDisplayNameFunction

A Function takes an IdPAttribute (usually from $attributeReleaseContext.getConsentableAttributes().values()) and outputs the DisplayName appropriate to the browser locales.

attributeDisplayDescriptionFunction

A Function that takes an IdPAttribute (usually from $attributeReleaseContext.getConsentableAttributes().values()) and outputs the DisplayDescription appropriate to the browser locales.

consentContext

A ConsentContext representing the state of a consent flow (current and previous consents). Further information TBD.

attributeReleaseContext

An AttributeReleaseContext, this can be used to provide an iterable group of those attributes to which consent can be applied via the call $attributeReleaseContext.getConsentableAttributes().values().
Specific attributes can be found by direct lookup ($attributeReleaseContext.getConsentableAttributes().get($attributeId)).
In Java terms, $attributeReleaseContext.getConsentableAttributes() is a Map.

attributeHelper

A bean named shibboleth.AttributeHelper. By default this is of type AttributeHelper but this can be set to be any bean via the property name idp.attribute.helper.

Variables Available During Logout

...

During terms of use consent the intercept/terms-of-use.vm view template has three two properties available :

  • rpUIContext as used in the login case

  • termsOfUseId - a ConsentContext representing the state of a consent flow (current and previous consents). Further information TBD.

  • attributeHelper - see below

The attributeHelper

This variable is present in the ‘hello flow’ and the following intercept flows: attribute-release, expiring-password, impersonate, terms-of-use, warning-flow. It is also available in the error views for the CAS, SAML and Admin flows. By default this is of type AttributeHelper but this can be set to be any bean via the property name idp.attribute.helper. The default implementation gives easy access to the first attribute value for the specified attribute.

Examples

Locating the OpenSAML EntityDescriptor for the Relying Party

...

Code Block
languagexml
#set ($spEntityId = $profileRequestContext.getSubcontext('net.shibboleth.profile.context.RelyingPartyContext').getRelyingPartyId())
...
 #if ($spEntityId.equals("https://sp.examle.org/shibboleth"))
	<a>particular HTML element</a>
 #end

Display a the first value of an attribute with a default value

Code Block
languagexml
$attributeHelper.getFirstAttributeValue($profileRequestContext, "eppn", "Jane Doe")