The <ConditionScript>
element contains a script (or a reference to a script) that ultimately applies an implementation of Predicate<EntityDescriptor>
to a given entity descriptor.
This feature requires IdP V3.4 or later. |
The <ConditionScript>
element implicitly iterates over all entity descriptors in the metadata pipeline. For each entity descriptor, the parent <MetadataFilter>
element acts on the input entity descriptor if (and only if) the predicate evaluates to true. The action taken depends on the type of metadata filter.
The <ConditionScript>
may be a child of the following filters:
The <ConditionScript>
element is a configuration element of type ScriptType
. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.
The following sections describe the attributes and elements of the ScriptType
type.
A script contained by a <ConditionScript>
element has access to an object called input
by convention. The actual input
argument is an instance of a class that implements the EntityDescriptor
interface. Additionally the script has access to an object called custom
. This is the bean specified using the customObjectRef
attribute, if present, and null if not..
The following trivial implementation of Predicate<EntityDescriptor>
always returns false regardless of the input
argument:
<ConditionScript> <Script> <![CDATA[ "use strict"; false; ]]> </Script> </ConditionScript> |
A more complex example might use the custom
object to help in the definition
<ConditionScript customObjectRef="BeanID"> <Script> <![CDATA[ "use strict"; var someCondition = function(entityID) { // Good stuff } var result; // CustomObjectRef points to a <util:map> where the key is a string and the value is an 'interesting bean' if (someCondition(input.getEntityID())) { result = custom["myFirstBean"].someFunction(input); } else { result = custom["mySecondBean"].someOtherFunction(input); } result; ]]> </Script> </ConditionScript> |
Note that both formal parameter names (t
and entity
) are arbitrary. A nontrivial script would presumably substitute a more meaningful name for the formal parameter t
.