AW: Attribute Filter for AttributeRequest
Rosenfeld, Waldemar (extern)
waldemar.rosenfeld.extern at gv.mpg.de
Thu Jul 5 05:38:30 EDT 2018
Perfect, thank you very much for this hint :)
My solution, if anybody needs something like this:
<AttributeFilterPolicy id="SPExampleAttributeRequest">
<PolicyRequirementRule xsi:type="AND">
<Rule xsi:type="Requester" value="https://sp.example.com/"
/>
<Rule xsi:type="Script" language="JavaScript">
<Script>
<![CDATA[
boolType = Java.type("java.lang.Boolean");
context = profileContext.getProfileId();
if
(context.equals('http://shibboleth.net/ns/profiles/saml2/query/attribute'))
{
result = new boolType(true);
} else {
result = new boolType(false);
}
result;
]]>
</Script>
</Rule>
</PolicyRequirementRule>
<AttributeRule attributeID="isMemberOf"
permitAny="true"/>
</AttributeFilterPolicy>
-----Ursprüngliche Nachricht-----
Von: users <users-bounces at shibboleth.net> Im Auftrag von Rod Widdowson
Gesendet: Mittwoch, 4. Juli 2018 17:46
An: 'Shib Users' <users at shibboleth.net>
Betreff: RE: Attribute Filter for AttributeRequest
> I suspect that you could dig into the ProfileRequestContext to get the
profile being run and fire that up with a PredicateFilter.
Something like:
<bean parent="shibboleth.Conditions.Expression"
c:_0="#profileContext.getProfileId().equals('http://shibboleth.net/ns/profil
es/saml2/query/attribute')" />
would be a rough first estimate if where to start.
R
--
For Consortium Member technical support, see
https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to
users-unsubscribe at shibboleth.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5959 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20180705/3f9742ef/attachment.p7s>
More information about the users
mailing list