Script Attribute Filter Matching Rule
Define the Rule
This rule is defined by the element
<PolicyRequirementRule xsi:type="basic:Script">, for policy requirements rules, and
<PermitValueRule xsi:type="basic:Script">, for permit value rules, with the following attributes:
The script to use is given either directly within the rule by the use of the
<Script> element or in a file whose path is given in the
<ScriptFile> element. Only one of these elements may be used within any given script rule definition.
The defined script must return a boolean value when evaluated. The current
edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethFilteringContext object is bound to an script attribute called filterContext, the ID of the attribute currently being evaluated is bound to a script attribute called attributeId, the current attribute value being evaluated is bound to a script attribute called attributeValue.
According to the ECMAScript standard (ECMA-262, 3rd edition), "An ECMAScript program is considered syntactically incorrect if it contains a return statement that is not within a FunctionBody.". Therefore, you must first define a function and then invoke it within your script as show in the example below. Note, as the last statement in the script, the result of the function call will automatically be returned as the value of the script.
It is recommended that you wrap inline-defined scripts within a CDATA section to prevent the possible inclusion of invalid characters.