/
PredicateConfiguration

The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

PredicateConfiguration

Owned by Rod Widdowson
Last updated: Jul 12, 2018 by Takeshi NishimuraVersion comment

Overview

The Predicate type (basic:Predicate prior to V3.2) is a PolicyRule which returns true if a supplied condition/predicate Spring bean evaluates to true. The bean must be of type Predicate<ProfileRequestContext>, and the software includes a large variety of existing examples as well as the ability to implement new ones via scripts.

See the ActivationConditions topic for details.

In the vast majority of cases, using this plugin requires additional native Spring configuration outside of the main filter policy where the plugin is used. You can define the bean(s) required in the global.xml file, or to scope them more "correctly", you can create your own resource and add it to the collection Spring resources loaded into the AttributeFilterService via services.xml

Schema Type and Location

The Predicate type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp.xsd

The deprecated basic:Predicate type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at http://shibboleth.net/schema/idp/shibboleth-afp-mf-basic.xsd

Reference

Attributes

NameTypeDescription
rulePredicateRefBean referenceRequired, name of an externally-defined Spring Bean of type Predicate<ProfileRequestContext>
contextStrategyRefBean referenceOptional, advanced setting to supply an alternative lookup function to locate the ProfileRequestContext, this is the name of an externally-defined Spring Bean of type Function<AttributeFilterContext,ProfileRequestContext>

Child Elements

None

Example

The examples collectively read as "Apply this rule if the SP is named 'https://sp.example.org' or 'https://sp2.example.org'".

Predicate ProfileRequirementRule
<PolicyRequirementRule xsi:type="Predicate" rulePredicateRef="rpPred"/>
Spring configuration for a per RP Predicate
<bean id="rpPred" parent="shibboleth.Conditions.RelyingPartyId">
    <constructor-arg name="candidates">
        <list>
            <value>https://sp.example.org</value>
            <value>https://sp2.example.org</value>
        </list>
    </constructor-arg>
</bean>

Related content