A User Search Context rule is evaluated when searching for Service Provider users. It returns a valid LDAP distinguished name (DN). This DN serves as the base context for searching users. The authType for the rule must be set to SPEUsersSearchContextRule .
The rule is passed the following arguments:
context — Specifies current user’s Identity context (session).
runAsUser — The User view of the user the rule will run as. This is a null argument if runAsIDMXUser is specified.
runAsIDMXUser— The IDMXUser view of the user the rule will run as. This is a null argument if runAsUser is specified.