...
The most common use of Predicates is in ActivationConditions, and the majority of the predefined beans are of type Predicate<ProfileRequestContext>. Such conditions are called with the object at the root of the tree of contexts that makes up the state of a request, so they can be very generic, or implemented for very specific purposes.
shibboleth.Conditions.BrowserProfile- returns true if the current profile is one which assumes browser interaction.
shibboleth.Conditions.RelyingPartyId- returns true based on the name (typically SAML entityID) of the relying party/peer system
shibboleth.Conditions.Scripted - returns the result of running a JSR-223 scriptlet
shibboleth.Conditions.Expression - returns the value specified by a SpEL expression
shibboleth.Conditions.EntityDescriptor - adapter that returns the value of a predicate applied to the SAML metadata for a request
shibboleth.Conditions.SubjectName - adapter that returns the value of a predicate or collection of strings applied to the subject name for a request
...
They generally assume the "normal" attribute resolution process; more specialized or deployer-triggered resolution processes (e.g., during authentication) will typically require additional customizations in order to locate the AttributeContext containing the data. As an example, using one of these predicates as an ActivationCondition guarding an AttributeDefinition or DataConnector will typically require the PreRequestedAttributes feature, and the use of the shibboleth.ChildLookup.PreRequestedAttributeContext lookup bean.
None of these currently have "shorthand" bean names and so the full Java class names have to be used, but they are all stable API classes.
net.shibboleth.idp.profile.logic.DateAttributePredicate- returns true if the content of a provided string-valued attribute parses into a date which is later that the current time
net.shibboleth.idp.profile.logic.SimpleAttributePredicate - matches a set of attribute/value rules against the resolved attribute data
net.shibboleth.idp.profile.logic.RegexAttributePredicate - matches a set of attribute/value regular expressions against the resolved attribute data
net.shibboleth.idp.profile.logic.DynamicAttributePredicate- similar to the SimpleAttributePredicate, but the matching rules come from a supplied Function and not a statically defined set of values
Other Predicates
These are also not named beans, but are useful classes:
...
shibboleth.Functions.Constant - a Function that returns its input
shibboleth.Functions.Compose - a Function that composes two other input Functions
shibboleth.Functions.Scripted - a Function that returns the result of running a JSR-223 scriptlet
shibboleth.Functions.Expression - a Function that returns the value specified by a SpEL expression
shibboleth.BiFunctions.Constant 4.1 - a BiFunction that returns its input
shibboleth.BiFunctions.Compose 4.1 - a BiFunction that composes a BiFunction with a Function
shibboleth.BiFunctions.Scripted 4.1 - a BiFunction that returns the result of running a JSR-223 scriptlet
shibboleth.BiFunctions.Expression 4.1 - a BiFunction that returns the value specified by a SpEL expression
...
Consumers /BiConsumers 4.1
Consumers and BiConsumers are similar to Functions and BiFunctions except that they don't return a result but simply produce side effects against their input(s). They are not common, but appear in a few places in the API where side effects are needed but no exceptions are expected to be raised. A pair of beans are supplied to implement them more easily.
...
shibboleth.Pair – a parent bean for creating objects of type net.shibboleth.utilities.java.support.collection.Pair
shibboleth.CommaDelimStringArray – a utility bean for converting a comma-delimited string into an array of strings (the input is provided as a constructor argument)
shibboleth.HttpServletRequest – an automated way of injecting a request's HttpServletRequest object into another bean
shibboleth.HttpServletResponse – an automated way of injecting a request's HttpServletResponse object into another bean
shibboleth.SAML2AuthnContextClassRef – a parent bean for defining a SAML 2.0 AuthnContextClassRef custom Principal object
shibboleth.SAML2AuthnContextDeclRef – a parent bean for defining a SAML 2.0 AuthnContextDeclRef custom Principal object (these are almost never used, but are present for completeness)
shibboleth.SAML1AuthenticationMethod – a parent bean for defining a SAML 1.1 AuthenticationMethod custom Principal object
...