Symantec Access Management

Hi All,

I am trying to send objectGUID ( an AD attribute, which is binary attribute ) using  assertion attribute. But I am unable to do so, what I am getting is either a binary value ( junk value ) or base64 encoded format. Please suggest how I can get in it hexstring. Below is the camparison between two saml response.

######### Present Response ############

<ns2:Attribute Name="objectguid"

NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

>

<ns2:AttributeValue>yGhT3kroAUCj5lbadpbljg==</ns2:AttributeValue>

####### Expected Response ############

<saml:Attribute Name="objectGUID"

NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

>

<saml:AttributeValue>de5368c8-e84a-4001-a3e6-56da7696e58e</saml:AttributeValue>

######################################

Thanks,

Ankush

Reference article :-- CA Federation & Office 365 Integration: ObjectGUID as ImmutableID

Hi All,

Please advise.

Thanks,

Ankush

Hi Ankush,

We tried checking the same use case in our lab env but we dont have any OOTB option to get the hexstring value and by default all the binary attributes are base64 encoded.
As of now, the only option I see is to write an Assertion Generator Plugin which reads Base64 encoded value, decodes, coverts to hex and then format as required.

Please refer below link to Customize Assertion Content.
https://support.ca.com/cadocs/0/CA%20SiteMinder%2012%2052-ENU/Bookshelf_Files/HTML/idocs/2205375.html

Thanks,

Sharan

Hi Ankush,

As mentioned in our kbarticle, out of the box siteminder has ability to send the objectGUID value in base64 encoded format.

I see that you already have a case (00480734) open with us, we will update this case to gather additional information and continue working with you on this.

Later we will update this post with the resolution for our other community members.

Thanks.

-Shrikanth