The <ConditionScript> element contains a script (or a reference to a script) that ultimately applies an implementation of Predicate<EntityDescriptor> to a given entity descriptor.

The <ConditionScript> element implicitly iterates over all entity descriptors in the metadata pipeline. For each entity descriptor, the parent <MetadataFilter> element acts on the input entity descriptor if (and only if) the predicate evaluates to true. The action taken depends on the type of metadata filter.

The <ConditionScript> may be a child of the following filters:

• PredicateMetadataFilter
• NameIDFormatFilter
• EntityAttributesFilter

Schema

The <ConditionScript> element is a configuration element of type ScriptType. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.

The following sections describe the attributes and elements of the ScriptType type.

Script Context

A script contained by a <ConditionScript> element has access to an object called input by convention. The actual input argument is an instance of a class that implements the EntityDescriptor interface.  Additionally the script has access to an object called custom.  This is the bean specified using the customObjectRef attribute, if present, and null if not..

Examples

The following trivial implementation of Predicate<EntityDescriptor> always returns false regardless of the input argument:

<ConditionScript>
    <Script>
    <![CDATA[
        "use strict";
		false;
    ]]>
    </Script>
</ConditionScript>

A more complex example might use the custom object to help in the definition

<ConditionScript customObjectRef="BeanID">
    <Script>
    <![CDATA[
        "use strict";
        var someCondition = function(entityID) {
            // Good stuff
        }
        
        var result;
        // CustomObjectRef points to a <util:map> where the key is a string and the value is an 'interesting bean'
		if (someCondition(input.getEntityID())) {
            result = custom["myFirstBean"].someFunction(input);
        } else {
            result = custom["mySecondBean"].someOtherFunction(input); 
        }
        result;
    ]]>
    </Script>
</ConditionScript>

Note that both formal parameter names (t and entity) are arbitrary. A nontrivial script would presumably substitute a more meaningful name for the formal parameter t.