
...

We also supply public implementations of this interface such that the logic can be supplied via a script or via a Spring Expression, avoiding the overhead of creating a new Java class in a separate jarextension library.

Use Cases

Some of the advanced uses you might have for this feature include:

...

Expand
titleJavascript Example
Code Block
languagexml
<!-- A script that checks a Relying Party name -->
<bean id="MyCondition" parent="shibboleth.Conditions.Scripted" factory-method="inlineScript">
  <constructor-arg>
    <value>
    <![CDATA[
      "use strict";
      var result = false;

      // an implementation of Predicate<ProfileRequestContext>
      // The IdP environment provides two variables "profileContext" and "custom".  
      //     profileContext  is of type org.opensaml.profile.context.ProfileRequestContext
      //     custom          is whatever you injected 
      // The value of the last statement in this function is the reurn value
      var id = "https://sp.example.com/shibboleth";  // an entityID
      
      // specify the child context of the root ProfileRequestContext
      if (profileContext!== null) {
          // check the entityID of the relying party
          var subcontext = profileContext.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext");
          if (subcontext !== null) {
            result = subcontext.getRelyingPartyId().equals(id);
          }
      }
      result;
    ]]>
    </value>
  </constructor-arg>
</bean>

...

Expand
titleSpring Expression Example
Code Block
languagexml
<!-- A Spring Expression that checks a Relying Party name -->
<bean id="MyCondition" parent="shibboleth.Conditions.Expression">
  <constructor-arg>
    <value>
    #profileContext.getSubcontext(T(net.shibboleth.idp.profile.context.RelyingPartyContext)).getRelyingPartyId().equals("https://sp.example.com/shibboleth")
    </value>
  </constructor-arg>
</bean>
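Review bot: The expression in the `<value>` calls `getRelyingPartyId()` directly on the result of `getSubcontext(...)`, so a request that carries no RelyingPartyContext makes the evaluation fail instead of yielding false; the scripted example on this page guards the same case with `if (subcontext !== null)`. What the condition returns after an evaluation error depends on the expression bean's error handling, which this page does not show, so the example is safer if it is false by construction. SpEL's safe-navigation operator with the literal placed first does that: `'https://sp.example.com/shibboleth'.equals(#profileContext.getSubcontext(T(net.shibboleth.idp.profile.context.RelyingPartyContext))?.getRelyingPartyId())`.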

...

Code Block
languagexml
<bean id="MyCondition" class="org.opensaml.profile.logic.IPRangePredicate"
  p:httpServletRequesthttpServletRequestSupplier-ref="shibboleth.HttpServletRequestHttpServletRequestSupplier"
  p:ranges="#{ '192.168.1.0/24', '192.168.2.0/28' }" />
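Review bot: Both IPRangePredicate examples (this bean and the one nested in the AND example below) are missing a statement of which address the ranges are compared against. The predicate is wired to the servlet request, so it presumably tests the remote address the container reports; behind a reverse proxy or load balancer that is normally the proxy's address unless the container is configured to restore the client address from a header set by a trusted proxy. A condition copied from here could then match every request or none. I would add a comment above each bean, for example `<!-- Compares the client address reported by the servlet container; behind a proxy, confirm the container restores the real client address from a trusted source -->`.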

...

Expand
titleSpecific Relying Party AND Client Address Range
Code Block
languagexml
<!-- An AND checking for both an SP and a network address -->
<bean id="MyCondition" parent="shibboleth.Conditions.AND">
  <constructor-arg>
    <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidate="https://sp.example.com/shibboleth" />
  </constructor-arg>
  <constructor-arg>
    <bean class="org.opensaml.profile.logic.IPRangePredicate"
      p:httpServletRequesthttpServletRequestSupplier-ref="shibboleth.HttpServletRequestHttpServletRequestSupplier"
      p:ranges="192.168.1.0/24" />
  </constructor-arg>
</bean>

...