...
shibboleth.Conditions.BrowserProfile- returns true if the current profile is one which assumes browser interaction.
shibboleth.Conditions.RelyingPartyId- returns true based on the name (typically SAML entityID) of the relying party/peer system
shibboleth.Conditions.Scripted - returns the result of running a JSR-223 scriptlet
shibboleth.Conditions.Expression - returns the value specified by a SpEL expression
shibboleth.Conditions.EntityDescriptor - adapter that returns the value of a predicate applied to the SAML metadata for a request
shibboleth.Conditions.MappedEntityAttribute - predicate generally used with the above adapter to test for presence of EntityAttribute “tag” values in SAML metadata
shibboleth.Conditions.SubjectName - adapter that returns the value of a predicate or collection of strings applied to the subject name for a request
Authentication Predicates 5.2
These predicates support decisions based on criteria related to the subject’s “active” AuthenticationResult objects, i.e., how they have authenticated now or in the past. The predicates default to examining the “final” outcome of authentication (suitable for use in later stages of a request such as normal attribute resolution), and in this case will automatically find and consider any results nested inside another flow’s result, such as the MFA flow.
shibboleth.Conditions.AuthenticationResult – returns true if at least one specified flow has an active result
shibboleth.Conditions.PrincipalInnResult – returns true if at least one specified Principal is found inside the Subject produced by at least one specified flow
Attribute Predicates
These predicates support decisions based on a subject's resolved attributes. All variants allow for either the filtered or unfiltered attributes to be consulted. Obviously these predicates are only valid after attribute resolution has taken place.
...