The Shibboleth IdP V4 software will leave support on September 1, 2024.

PredicateConfiguration

Namespace: urn:mace:shibboleth:2.0:afp
Schema: http://shibboleth.net/schema/idp/shibboleth-afp.xsd

Overview

The Predicate type is a PolicyRule which returns true if a supplied condition/predicate Spring bean evaluates to true. The bean must be of type Predicate<ProfileRequestContext>, and the software includes a large variety of existing examples as well as the ability to implement new ones via scripts.

See the ActivationConditions topic for details.

In the vast majority of cases, using this plugin requires additional native Spring configuration outside of the main filter policy where the plugin is used. You can define the bean(s) required in the global.xml file, or to scope them more "strictly", you can create your own resource and add it to the collection Spring resources loaded into the AttributeFilter service via services.xml

Reference

Name

Type

Description

Name

Type

Description

rulePredicateRef

Bean ID

Required, name of an externally-defined Spring Bean of type Predicate<ProfileRequestContext>

Example

The examples collectively read as "Apply this rule if the SP is named 'https://sp.example.org' or 'https://sp2.example.org'".

Predicate ProfileRequirementRule
<PolicyRequirementRule xsi:type="Predicate" rulePredicateRef="rpPred"/>
Spring configuration for a per RP Predicate
<bean id="rpPred" parent="shibboleth.Conditions.RelyingPartyId"> <constructor-arg name="candidates"> <list> <value>https://sp.example.org</value> <value>https://sp2.example.org</value> </list> </constructor-arg> </bean>