{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Namespace: ","type":"text","marks":[{"type":"strong"}]},{"text":"urn:mace:shibboleth:2.0:afp","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"Schema:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"http://shibboleth.net/schema/idp/shibboleth-afp.xsd","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/schema/idp/shibboleth-afp.xsd"}}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Overview","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"Script","type":"text","marks":[{"type":"code"}]},{"text":" type allows definition of complex filtering with a scriptlet as either a Mapper or a PolicyRule depending on the location. The script is either a Policy Rule or a Mapper depending on its location:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If the script is specified within the scope of an ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element then the script has to be Mapper, returning a ","type":"text"},{"text":"Set","type":"text","marks":[{"type":"code"},{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java.util.Set?module=java.sql"}}]},{"text":"<","type":"text","marks":[{"type":"code"}]},{"text":"IdPAttributeValue","type":"text","marks":[{"type":"code"},{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net/shibboleth/idp/attribute/IdPAttributeValue"}}]},{"text":">","type":"text","marks":[{"type":"code"}]},{"text":", which is added to the permit or deny list for the attribute in question.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"If the script is specified within the scope of a ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" element then the script has to be a PolicyRule (returning a ","type":"text"},{"text":"Boolean","type":"text","marks":[{"type":"code"},{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/java/lang/Boolean?module=java.sql"}}]},{"text":"), which defines whether the rule is active or not.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Script Context","type":"text"}]},{"type":"paragraph","content":[{"text":"The following variables are defined within the script:","type":"text"}]},{"type":"table","attrs":{"layout":"full-width","localId":"105cef48-91d7-4647-bb29-0e76781edccf"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[229.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[200.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[881.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[229.0]},"content":[{"type":"paragraph","content":[{"text":"filterContext","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[200.0]},"content":[{"type":"paragraph","content":[{"text":"AttributeFilterContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net/shibboleth/idp/attribute/filter/context/AttributeFilterContext"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[881.0]},"content":[{"type":"paragraph","content":[{"text":"The AttributeFilter context provides some information about the request, and a mechanism to navigate to other contexts in the tree","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[229.0]},"content":[{"type":"paragraph","content":[{"text":"profileContext","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[200.0]},"content":[{"type":"paragraph","content":[{"text":"ProfileRequestContext","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-opensaml.cgi/org/opensaml/profile/context/ProfileRequestContext"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[881.0]},"content":[{"type":"paragraph","content":[{"text":"The root context for the request","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[229.0]},"content":[{"type":"paragraph","content":[{"text":"attribute (Matcher Only)","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[200.0]},"content":[{"type":"paragraph","content":[{"text":"IdPAttribute","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-idp.cgi/net/shibboleth/idp/attribute/IdPAttribute"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[881.0]},"content":[{"type":"paragraph","content":[{"text":"The attribute being filtered","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[229.0]},"content":[{"type":"paragraph","content":[{"text":"custom","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[200.0]},"content":[{"type":"paragraph","content":[{"text":"Object","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[881.0]},"content":[{"type":"paragraph","content":[{"text":"Contains whatever was provided by the ","type":"text"},{"text":"customObjectRef","type":"text","marks":[{"type":"code"}]},{"text":" attribute (see above)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[229.0]},"content":[{"type":"paragraph","content":[{"text":"subjects","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[200.0]},"content":[{"type":"paragraph","content":[{"text":"Array of ","type":"text"},{"text":"Subject","type":"text","marks":[{"type":"link","attrs":{"href":"http://shibboleth.net/cgi-bin/java-jdk.cgi/javax.security.auth.Subject?module=java.base"}}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[881.0]},"content":[{"type":"paragraph","content":[{"text":"The Subjects associated with this authorization. Note that these will only be present if the attribute resolution has been associated with an Authentication (and so this will not work for back channel requests).","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference","type":"text"}]},{"type":"expand","attrs":{"title":"XML Attributes"},"content":[{"type":"table","attrs":{"layout":"full-width","localId":"d8d00f02-5a33-487d-8097-f96859f6bbec"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[108.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[60.0]},"content":[{"type":"paragraph","content":[{"text":"Type","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[77.0]},"content":[{"type":"paragraph","content":[{"text":"Default","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[612.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[108.0]},"content":[{"type":"paragraph","content":[{"text":"language","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[60.0]},"content":[{"type":"paragraph","content":[{"text":"String","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[77.0]},"content":[{"type":"paragraph","content":[{"text":"javascript","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[612.0]},"content":[{"type":"paragraph","content":[{"text":"The language of the script","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[108.0]},"content":[{"type":"paragraph","content":[{"text":"customObjectRef","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[60.0]},"content":[{"type":"paragraph","content":[{"text":"Bean ID","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[77.0]},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[612.0]},"content":[{"type":"paragraph","content":[{"text":"The name of a Spring Bean defined elsewhere. This bean will be made available to the script with the name \"","type":"text"},{"text":"custom","type":"text","marks":[{"type":"code"}]},{"text":"\".","type":"text"}]}]}]}]}]},{"type":"expand","attrs":{"title":"XML Elements"},"content":[{"type":"table","attrs":{"layout":"default","localId":"e4e340c7-9354-4bd4-949d-fe23310f7826"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[140.0]},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text"}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[1128.0]},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[140.0]},"content":[{"type":"paragraph","content":[{"text":"","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[1128.0]},"content":[{"type":"paragraph","content":[{"text":"The path of a resource (usually a file) which contains the script","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[140.0]},"content":[{"type":"paragraph","content":[{"text":"\n\t\n","type":"text"}]},{"type":"paragraph","content":[{"text":"This example uses an external script file that determines the applicability of the rule based on an implied condition. It just demonstrates the mechanics of returning true or false from a script.","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"Externally specified PolicyRule","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n\t\n\t\t%{idp.home}/conf/scripts/simple.js\n\t\n","type":"text"}]},{"type":"heading","attrs":{"level":5},"content":[{"text":"Simple JavaScript PolicyRule","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","attrs":{"language":"javascript"},"content":[{"text":"boolType = Java.type(\"java.lang.Boolean\");\nif (/* Some sort of condition */) {\n result = new boolType(false);\n} else {\n result = new boolType(true);\n}\nresult;","type":"text"}]},{"type":"paragraph"}],"version":1}

Browser not supported