Predicate type (
basic:Predicate prior to V3.2) is a PolicyRule which returns true if a supplied condition/predicate Spring bean evaluates to true. The bean must be of type Predicate<ProfileRequestContext>, and the software includes a large variety of existing examples as well as the ability to implement new ones via scripts.
See the ActivationConditions topic for details.
In the vast majority of cases, using this plugin requires additional native Spring configuration outside of the main filter policy where the plugin is used. You can define the bean(s) required in the global.xml file, or to scope them more "correctly", you can create your own resource and add it to the collection Spring resources loaded into the AttributeFilterService via services.xml
Schema Type and Location
Predicate type is defined in the
urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd
basic:Predicate type is defined in the
urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd
|Bean reference||Required, name of an externally-defined Spring Bean of type Predicate<ProfileRequestContext>|
|Bean reference||Optional, advanced setting to supply an alternative lookup function to locate the ProfileRequestContext, this is the name of an externally-defined Spring Bean of type Function<AttributeFilterContext,ProfileRequestContext>|
The examples collectively read as "Apply this rule if the SP is named 'https://sp.example.org' or 'https://sp2.example.org'".
<PolicyRequirementRule xsi:type="Predicate" rulePredicateRef="rpPred"/>
<bean id="rpPred" parent="shibboleth.Conditions.RelyingPartyId">