Referencing entity attributes in the terms of use key bean

Wessel, Keith kwessel at illinois.edu
Fri Sep 25 16:11:51 UTC 2020 

Digging up this thread for one more, hopefully quick, question.

This all works fine under IdP 4. My prod IdP is still on version 3 and an older Java version, and it doesn't seem to like this:

if (custom["condition"].test(input)) {
... which results in:

Caused by: jdk.nashorn.internal.runtime.ECMAException: TypeError: custom.condition.test is not a function

This is, again, to test for the matching entity attribute and value.

Did IdP 3 or Java 8 have a different syntax for such tests? I'm not finding any similar scenarios in the other configs.

Thanks very much,
Keith

-----Original Message-----
From: Wessel, Keith 
Sent: Monday, September 14, 2020 8:53 PM
To: Shib Users <users at shibboleth.net>
Subject: RE: Referencing entity attributes in the terms of use key bean

Ah, got it. Thank you. I was thrown off by the bean name, thinking it implemented a condition. Your explanation makes sense. And it also jives quite well with the type casting exception I received earlier.

Thanks again,
Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Monday, September 14, 2020 4:19 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Referencing entity attributes in the terms of use key bean

On 9/14/20, 5:13 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    Well, duh. Thanks, Scott. I should have known that I couldn't get a 
> condition out of a bean that was simply defining the entity tag and value, not testing it.

No, the problem is just the input types. Most of the supplied condition classes run against ProfileRequestContext and most of the condition properties use that input type.

The EntityAttributesPredicate operates directly on an EntityDescriptor (metadata). Using it in the IdP requires an adapter, to turn the ProfileRequestContext into an EntityDescriptor, i.e. to look up the metadata where it lives in the request.

All of that indirection is pre-wired inside the shibboleth.Conditions.EntityDescriptor bean, which adapts the input and then runs the EntityDescriptor-based condition you give it.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list