Software version requirement
<ConditionScript> element implicitly iterates over all entity descriptors in the metadata pipeline. For each entity descriptor, the parent
<MetadataFilter> element acts on the input entity descriptor if (and only if) the predicate evaluates to true. The action taken depends on the type of metadata filter.
<ConditionScript> may be a child of the following filters:
<ConditionScript> element is a configuration element of type
ScriptType. Both the element and its type are defined by the
urn:mace:shibboleth:2.0:metadata schema, which can be located at http://shibboleth.net/schema/idp/shibboleth-metadata.xsd.
The following sections describe the attributes and elements of the
An element of type Name Type Default Description If the An element of type The script may be stored in a local file (with Always wrap inline scripts with a CDATA section Always wrap inline scripts with a CDATA section, even if the script contains no special XML characters. This will future-proof your script.
ScriptType has the following XML attributes:
Defines the JSR-223 language to use. The default is ECMAScript using either the Rhino (Java 7) or Nashorn (Java 8) engines.
string optional The ID of a Spring bean defined elsewhere in the configuration.
customObjectRef attribute is present, the result of the referenced Spring bean is made available to the script in a variable named
custom. This is in addition to the normal script context discussed below.
ScriptType has the following child elements:
Name Cardinality Description
An inline script
Path to a local file or classpath resource containing the script
<ScriptFile>) or written inline (with
<Script>). An inline script should be wrapped with a CDATA section to prevent interpretation of any special XML characters that may be included in the script.
An element of type
An element of type
The script may be stored in a local file (with
Always wrap inline scripts with a CDATA section
Always wrap inline scripts with a CDATA section, even if the script contains no special XML characters. This will future-proof your script.
A script contained by a
<ConditionScript> element has access to an object called
input by convention. The actual
input argument is an instance of a class that implements the
EntityDescriptor interface. Additionally the script has access to an object called
custom. This is the bean specified using the
customObjectRef attribute, if present, and null if not..
A more complex example might use the
custom object to help in the definition
Note that both formal parameter names (
entity) are arbitrary. A nontrivial script would presumably substitute a more meaningful name for the formal parameter