Versions Compared

Old Version 11

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Most use cases for this feature tend to be for relying party overrides, which are already supported separately. If you need to use this kind of condition elsewhere, you can reuse the same code with this example:. The example shows the use of two different tag “values” to check for, one that’s standardized and one that’s custom, just to show how to handle two values at once.

Expand
titleRelying Party By Tag
Code Block
languagexml
<!-- Tag condition -->
<bean id="MyCondition" parent="shibboleth.Conditions.EntityDescriptor">
  <constructor-arg name="pred">
    <bean class="net.shibboleth.idp.saml.profile.logic.MappedEntityAttributesPredicate">
      <constructor-arg>
        <list>
          <bean class="org.opensaml.saml.common.profile.logic.EntityAttributesPredicate.Candidate"
            c:name="http://macedir.org/entity-category"
            p:values="#{{ 'http://refeds.org/category/research-and-scholarship', 'http://example.org/mycategory' }}" />
        </list>
      </constructor-arg>
    </bean>
  </constructor-arg>
</bean>

...

Code Block
languagexml
<bean id="MyCondition" class="org.opensaml.profile.logic.IPRangePredicate"
  p:httpServletRequest-ref="shibboleth.HttpServletRequest"
  p:ranges="#{ '192.168.1.0/24', '192.168.2.0/28' }" />

See this link for more details

Attribute Checking

Some components may need to check for the presence (or absence) of a particular attribute or value for a user. A basic condition is provided for this purpose, or may be a useful code example to follow to implement something more complex.

...