<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

       default-init-method="initialize"
       default-destroy-method="destroy">

    <!--
    Condition to evaluate to interrupt SSO flows to check the state of the transaction before allowing.

    Typically the flow itself will be activated based on configuration in relying-party.xml, and this controls
    whether to proceed if the flow is activated. The most common use for this flow is to check the set of
    resolved/filtered attributes and values to see if the user is authorized or provisioned into a service.

    How the sample below reads: the bean derives from shibboleth.Conditions.AND, so every predicate in the
    list has to hold. As written that means the relying party must be the listed entityID AND the subject
    must have an eppn value. If the flow is activated for any other relying party the first predicate is
    false and the whole condition fails, so keep the activation in relying-party.xml and the candidates
    listed here in step, or restructure the condition before enabling the flow more widely.
    -->
    <bean id="shibboleth.context-check.Condition" parent="shibboleth.Conditions.AND">
        <constructor-arg>
            <list>
                <!-- Placeholder entityID from the sample; replace it with the entityID(s) of the real service(s). -->
                <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidates="#{{'https://sp.example.org'}}" />
                <!--
                Attribute check. With useUnfilteredAttributes set to true the predicate is evaluated against the
                resolved attributes before the attribute filter runs, so the decision does not depend on eppn
                being released to the relying party.
                -->
                <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"
                      p:useUnfilteredAttributes="true">
                    <property name="attributeValueMap">
                        <map>
                            <!--
                            The single value * is a wildcard, so this entry only requires that eppn has some
                            value. It is a presence test, not an entitlement test; list explicit values here
                            when access should depend on what the attribute contains.
                            -->
                            <entry key="eppn">
                                <list>
                                    <value>*</value>
                                </list>
                            </entry>
                        </map>
                    </property>
                </bean>
            </list>
        </constructor-arg>
    </bean>

    <!--
    More general purpose approach using a Function that returns either "proceed" or a custom error Event.
    This is a cleaner way of applying multiple conditions in different cases or triggering different events.

    The commented-out sample that follows passes the Condition bean above to the script as "custom" and
    returns the event "ContextCheckDenied" when that condition is false, "proceed" otherwise. Which of the
    two beans the flow consults when both are defined is decided by the flow's own wiring, which is not
    shown in this file; confirm that before uncommenting.
    -->
    <!--
    <bean id="shibboleth.context-check.Function" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
            p:customObject-ref="shibboleth.context-check.Condition">
        <constructor-arg>
            <value>
            <![CDATA[
                var event = "proceed";
                if (!custom.apply(input)) {
                    event = "ContextCheckDenied";
                }
                event;
            ]]>
            </value>
        </constructor-arg>
    </bean>
    -->

</beans>