OpenSearch/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/intercept/context-check-intercept-con...

63 lines
2.9 KiB
XML
Raw Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-init-method="initialize"
default-destroy-method="destroy">
<!--
Condition to evaluate to interrupt SSO flows to check the state of the transaction before allowing.
Typically the flow itself will be activated based on configuration in relying-party.xml, and this controls
whether to proceed if the flow is activated. The most common use for this flow is to check the set of
resolved/filtered attributes and values to see if the user is authorized or provisioned into a service.
-->
<bean id="shibboleth.context-check.Condition" parent="shibboleth.Conditions.AND">
<constructor-arg>
<list>
<bean parent="shibboleth.Conditions.RelyingPartyId" c:candidates="#{{'https://sp.example.org'}}" />
<bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"
p:useUnfilteredAttributes="true">
<property name="attributeValueMap">
<map>
<entry key="eppn">
<list>
<value>*</value>
</list>
</entry>
</map>
</property>
</bean>
</list>
</constructor-arg>
</bean>
<!--
More general purpose approach using a Function that returns either "proceed" or a custom error Event.
This is a cleaner way of applying multiple conditions in different cases or triggering different events.
-->
<!--
<bean id="shibboleth.context-check.Function" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
p:customObject-ref="shibboleth.context-check.Condition">
<constructor-arg>
<value>
<![CDATA[
var event = "proceed";
if (!custom.apply(input)) {
event = "ContextCheckDenied";
}
event;
]]>
</value>
</constructor-arg>
</bean>
-->
</beans>