Versions Compared

Old Version 5

changes.mady.by.user trscavo@ncsa.illinois.edu

Saved on

compared with

New Version 6

changes.mady.by.user trscavo@ncsa.illinois.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The <AttributeFilterScript> element contains a script (or a reference to a script) that implements Predicate<Attribute>.

Note
titleSoftware version requirement
The following This feature requires IdP V3.4 or later.

The <AttributeFilterScript> element contains a script (or a reference to a script) that implements Predicate<Attribute>. The boolean result of the script determines whether the parent <MetadataFilter> element acts on the input entity attribute. Specificallyimplicitly iterates over all entity attributes in the input. For each entity attribute, if the predicate evaluates to false for a particular entity attribute in the input stream, the entity attribute is removed from the input stream.

Schema

The <AttributeFilterScript> element is a configuration element of type ScriptType. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.

...

Typically the script operates on a single input parameter as follows:

Code Block
languagexml
titleA boolean function of one parameter
<ConditionScript><AttributeFilterScript>
    <Script>
    <![CDATA[
        // invoke a boolean function expression on a single parameter
        (function (attribute) {an implementation of Predicate<Attribute>
        // applied to the input argument
        //
        // function statements the input argument is of type:
        }(input));
// org.opensaml.saml.saml2.core.Attribute
   ]]>     </Script>
</ConditionScript>

The actual input parameter is an instance of a class that implements the Attribute interface. The formal attribute parameter name is arbitrary.

If the customObjectRef attribute is present, the script operates on a pair of parameters called input and custom:

Code Block
languagexml
titleA boolean function of two parameters
<ConditionScript customObjectRef="beanID">
    <Script>//
        (function (attribute) {
            "use strict";

   <![CDATA[         // do not invokeremove athe booleanentity functionattribute
expression on two parameters         (functionif (attribute, customObj === null) { return true; }

            // implement the function statementspredicate here...
        }(input, custom));
    ]]>
    </Script>
</ConditionScript>AttributeFilterScript>

The actual custom parameter actual input argument is an instance of an object class determined by the externally referenced bean. The corresponding formal parameter names are arbitrarya class that implements the Attribute interface. The formal parameter name is arbitrary. In the previous example, the name attribute is used for clarity.