The Predicate type (basic:Predicate prior to V3.2) is a PolicyRule which returns true if a supplied condition/predicate Spring bean evaluates to true. The bean must be of type Predicate<ProfileRequestContext>, and the software includes a large variety of existing examples as well as the ability to implement new ones via scripts.

See the ActivationConditions topic for details.

In the vast majority of cases, using this plugin requires additional native Spring configuration outside of the main filter policy where the plugin is used. You can define the bean(s) required in the global.xml file, or to scope them more "correctly", you can create your own resource and add it to the collection Spring resources loaded into the AttributeFilterService via services.xml

Schema Type and Location

The Predicate type is defined in the urn:mace:shibboleth:2.0:afp namespace, the schema for which can be located at

The deprecated basic:Predicate type is defined in the urn:mace:shibboleth:2.0:afp:mf:basic namespace, the schema for which can be located at



rulePredicateRefBean referenceRequired, name of an externally-defined Spring Bean of type Predicate<ProfileRequestContext>
contextStrategyRefBean referenceOptional, advanced setting to supply an alternative lookup function to locate the ProfileRequestContext, this is the name of an externally-defined Spring Bean of type Function<AttributeFilterContext,ProfileRequestContext>

Child Elements



The examples collectively read as "Apply this rule if the SP is named '' or ''".

Predicate ProfileRequirementRule
<PolicyRequirementRule xsi:type="Predicate" rulePredicateRef="rpPred"/>
Spring configuration for a per RP Predicate
<bean id="rpPred" parent="shibboleth.Conditions.RelyingPartyId">
    <constructor-arg name="candidates">