Versions Compared

Old Version 10

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • If the script is specified within the scope of an <AttributeRule> element then the script has to be Mapper, returning a Set<IdPAttributeValue>, which is added to the permit or deny list for the attribute in question.

  • If the script is specified within the scope of a <PolicyRequirementRule> element then the script has to be a PolicyRule (returning a Boolean), which defines whether the rule is active or not.

...

Script Context

The following variables are defined within the script:

Name

Type

Description

filterContext

AttributeFilterContext

The AttributeFilter context provides some information about the request, and a mechanism to navigate to other contexts in the tree

profileContext

ProfileRequestContext

The root context for the request

attribute (Matcher Only)

IdPAttribute

The attribute being filtered

custom

Object

Contains whatever was provided by the customObjectRef attribute (see above)

subjects

Array of Subject

The Subjects associated with this authorization.  Note that these will only be present if the attribute resolution has been associated with an Authentication (and so this will not work for back channel requests).

Reference

localtab-live
Localtabgroup
Expand
titleXML Attributes

Name

Type

Default

Description

language              

language

String

javascript

The language of the script

customObjectRef

Bean ID

The name of a Spring Bean defined elsewhere. This bean will be made available to the script with the name "custom".

localtab-live
The Java Subject(s) associated with this filtering operation. Note that these will only be present if the attribute resolution preceding this was associated with an authentication event (and so this will not work for back channel requests).
Expand
titleXML Elements

Name

Description

<ScriptFile>

The path of a resource (usually a file) which contains the script

<Script>

The script. It is usual to specify this within a CDATA

Localtab live
titleScript Context

The script has the following variables defined:

Name

Type

Description

filterContext

AttributeFilterContext

The AttributeFilter context provides some information about the filter operation

profileContext

ProfileRequestContext

The root context for the request

attribute (Matcher Only)

IdPAttribute

The attribute being filtered

custom

Object

Contains whatever was provided by the customObjectRef attribute (see above)

subjects

Array of Subject

Examples

This simple rule just adds the first value of the attribute "mail" to its permit list:

...