AnsweredAssumed Answered

Sending Multi-valued attributes in assertion

Question asked by anand3g on Jul 25, 2016
Latest reply on Sep 28, 2016 by anand3g

Hi,

 

I'm trying to send group memberships as part of an assertion. By default Siteminder groups all the groups in one string with a separator of '^'. However, the SP needs these groups to be separated and included in their own <AttributeValue> tags.

 

After some research it seems like, this would do the trick. FMATTR:isMemberOf in the Attribute Value field of the assertion

 

However, when the assertion gets generated, it doesn't put them in its own <AttributeValue> tags.

 

It adds a CA.FM.SEP instead of the ^. Is there something else I need to do to be able to use FMATTR: function?


<ns1:Attribute AttributeName="role" AttributeNamespace="http://schemas.microsoft.com/ws/2008/06/identity/claims"><ns1:AttributeValue>cn=Group1, ou=group c=USCA.FM.SEP

cn=Group2, ou=group, c=USCA.FM.SEP

cn=Group3, ou=group, c=USCA.FM.SEP

cn=Group4, ou=group, c=USCA.FM.SEP

cn=Group5, ou=group, c=US

</ns1:AttributeValue>

 

Regards,

Anand.

Outcomes