1 files changed, 42 insertions, 0 deletions

diff --git a/conf-from-container/conf/intercept/context-check-intercept-config.xml b/conf-from-container/conf/intercept/context-check-intercept-config.xml
new file mode 100644
index 0000000..809f1d4
--- /dev/null
+++ b/conf-from-container/conf/intercept/context-check-intercept-config.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xmlns:util="http://www.springframework.org/schema/util"
+       xmlns:p="http://www.springframework.org/schema/p"
+       xmlns:c="http://www.springframework.org/schema/c"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+                           
+       default-init-method="initialize"
+       default-destroy-method="destroy">
+
+    <!--
+    Condition to evaluate to interrupt SSO flows to check the state of the transaction before allowing.
+    
+    Typically the flow itself will be activated based on configuration in relying-party.xml, and this controls
+    whether to proceed if the flow is activated. The most common use for this flow is to check the set of
+    resolved/filtered attributes and values to see if the user is authorized or provisioned into a service.
+    -->
+    <bean id="shibboleth.context-check.Condition" parent="shibboleth.Conditions.AND">
+        <constructor-arg>
+            <list>
+                <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidates="#{ 'https://sp.example.org' }" />
+                <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"
+                        p:useUnfilteredAttributes="true">
+                    <property name="attributeValueMap">
+                        <map>
+                            <entry key="eppn">
+                                <list>
+                                    <value>*</value>
+                                </list>
+                            </entry>
+                        </map>
+                    </property>
+                </bean>
+            </list>
+        </constructor-arg>
+    </bean>
+
+</beans>
\ No newline at end of file