The <ConditionScript>
element contains a script (or a reference to a script) that ultimately applies an implementation of Predicate<EntityDescriptor>
to a given entity descriptor.
This feature requires IdP V3.4 or later. |
The <ConditionScript>
element implicitly iterates over all entity descriptors in the metadata pipeline. For each entity descriptor, the parent <MetadataFilter>
element acts on the input entity descriptor if (and only if) the predicate evaluates to true. The action taken depends on the type of metadata filter.
The <ConditionScript>
may be a child of the following filters:
The <ConditionScript>
element is a configuration element of type ScriptType
. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata
schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.
The following sections describe the attributes and elements of the ScriptType
type.
A script contained by a <ConditionScript>
element has access to an object called input
by convention. The actual input
argument is an instance of a class that implements the EntityDescriptor
interface.
If the customObjectRef
attribute is present on the <ConditionScript>
element, the result of the referenced Spring bean is made available to the script via a second object called custom
. The type of the custom
object is determined by the Spring bean.
If the customObjectRef
attribute is not present on the <ConditionScript>
element, the script operates on a single input
argument. The following trivial implementation of Predicate<EntityDescriptor>
always returns false regardless of the input
argument:
<ConditionScript> <Script> <![CDATA[ "use strict"; // A trivial implementation of Predicate<EntityDescriptor> // applied to the input argument // // The input argument is of type: // org.opensaml.saml.saml2.metadata.EntityDescriptor // (function (entity) { return false; }(input)); ]]> </Script> </ConditionScript> |
The formal parameter name is arbitrary. In the previous example, the parameter name entity
is used for clarity. A nontrivial script would depend on the formal parameter entity.
If the customObjectRef
attribute is present on the <ConditionScript>
element, the script operates on a pair of arguments called custom
and input
. The following script implements a function that always returns the same trivial implementation of Predicate<EntityDescriptor>
regardless of the custom
argument. The resulting predicate is then applied to the input
argument, which always returns false.
<ConditionScript customObjectRef="BeanID"> <Script> <![CDATA[ "use strict"; // A trivial implementation of Function<T, Predicate<EntityDescriptor>>, // that is, a function that takes an argument of some unspecified type T // and returns an implementation of Predicate<EntityDescriptor>. // The latter is ultimately applied to the input object. // // The type of the custom argument depends on the application. // // The input argument is of type: // org.opensaml.saml.saml2.metadata.EntityDescriptor // (function (t) { return function (entity) { return false; }; }(custom))(input); ]]> </Script> </ConditionScript> |
Note that both formal parameter names (t
and entity
) are arbitrary. A nontrivial script would presumably substitute a more meaningful name for the formal parameter t
.