AttributeFilterScript

The <AttributeFilterScript> element contains a script (or a reference to a script) that ultimately applies an implementation of Predicate<Attribute> to a given entity attribute.

The <AttributeFilterScript> element implicitly iterates over all entity attributes in the metadata pipeline. For each entity attribute, the entity attribute is removed from the input stream if (and only if) the predicate evaluates to false.

Schema

The <AttributeFilterScript> element is a configuration element of type ScriptType. Both the element and its type are defined by the urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.

The following sections describe the attributes and elements of the ScriptType type.

Attributes

An element of type ScriptType has the following XML attributes:

language          

If the customObjectRef attribute is present, the result of the referenced Spring bean is made available to the script in a variable named custom. This is in addition to the normal script context discussed below.

Child Elements

An element of type ScriptType has the following child elements:

<Script>

<ScriptFile>

The script may be stored in a local file (with <ScriptFile>) or written inline (with <Script>). An inline script should be wrapped with a CDATA section to prevent interpretation of any special XML characters that may be included in the script.

Script Context

A script contained by an <AttributeFilterScript> element has access to an object called input by convention. The actual input argument is an instance of a class that implements the Attribute interface.

If the customObjectRef attribute is present on the <AttributeFilterScript> element, the result of the referenced Spring bean is made available to the script via a second object called custom. The type of the custom object is determined by the Spring bean.

Examples

If the customObjectRef attribute is not present on the <AttributeFilterScript> element, the script operates on a single input argument. The following trivial implementation of Predicate<Attribute> always returns false regardless of the input argument:

<ConditionScript>
    <Script>
    <![CDATA[
        "use strict";
        false;
    ]]>
    </Script>
</ConditionScript>

A more complex example might use the custom object to help the operation.

<Script>
    <![CDATA[
        "use strict";
        var someCondition = function(attributeValueCount) {
            // Good stuff
        }
         
        var result;
        // CustomObjectRef points to a <util:map> where the key is a string and the value is an 'interesting bean'
        if (someCondition(input.getValues.size()) {
            result = custom["myAttributePredicate"].someFunction(input);
        } else {
            result = custom["myOtherAttributePredicate"].someOtherFunction(input);
        }
        result;
    ]]>
    </Script>

<Script>
    <![CDATA[
        "use strict";
        var someCondition = function(entityID) {
            // Good stuff
        }
         
        var result;
        // CustomObjectRef points to a <util:map> where the key is a string and the value is an 'interesting bean'
        if (someCondition(input.getEntityID())) {
            result = custom["myFirstBean"].someFunction(input);
        } else {
            result = custom["mySecondBean"].someOtherFunction(input);
        }
        result;
    ]]>
    </Script>

<Script>
    <![CDATA[
        "use strict";
        var someCondition = function(entityID) {
            // Good stuff
        }
         
        var result;
        // CustomObjectRef points to a <util:map> where the key is a string and the value is an 'interesting bean'
        if (someCondition(input.getEntityID())) {
            result = custom["myFirstBean"].someFunction(input);
        } else {
            result = custom["mySecondBean"].someOtherFunction(input);
        }
        result;
    ]]>
    </Script>