The <AttributeFilterScript> element contains a script (or a reference to a script) that implements Predicate<Attribute>.
| This feature requires IdP V3.4 or later. |
The <AttributeFilterScript> element implicitly iterates over all entity attributes in the input stream. For each entity attribute, the entity attribute is removed from the input stream if (and only if) the predicate evaluates to false.
The <AttributeFilterScript> element is a configuration element of type ScriptType. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.
The following sections describe the attributes and elements of the ScriptType type.
Examples
The following examples assume the default JavaScript language.
Typically the script operates on a single input parameter as follows:
<AttributeFilterScript>
<Script>
<![CDATA[
// An implementation of Predicate<Attribute>
// applied to the input argument
//
// The input argument is of type:
// org.opensaml.saml.saml2.core.Attribute
//
(function (attribute) {
"use strict";
// do not remove the entity attribute
if (attribute === null) { return true; }
// implement the predicate here...
}(input));
]]>
</Script>
</AttributeFilterScript> |
The actual input argument is an instance of a class that implements the Attribute interface. The formal parameter name is arbitrary. In the previous example, the parameter name attribute is used for clarity.