Patrick-Dussault

Tech Tip : CA Single Sign-On : How to transform the value of an octet attribute from Active Directory ?

Discussion created by Patrick-Dussault Employee on Jan 10, 2018

Question:


We're sending a User Attribute in a Response. The Attribute we use is objectGUID from Active Directory. The problem is that the browser recieves the Attribute value as an octet. This is because the Active Directory stores it as an octet.

 

Then, the response the browser receives from SSO in httpheader is

GUID=)%uffdd%06%3d%uffdd%24%uffdd%40%uffddD%18A%uffdd%uffdd%03%05

How can we make this value a String ?

 

Answer:

 

You have to convert the value at the Policy Server level first. We do not provide an out of the box functionality to transform an Attribute value from Octet to String. However, you can use an Active Expression as Response and put Java code that will do it for you.

 

Find a sample below, there are many others over the Internet:

https://stackoverflow.com/questions/10326900/how-to-convert-an-octet-string-to-readable-string

 

On the Policy Server side, you have to run your own code to make the transformation and send the value as a string to the browser.

 

KB : TEC1941159

Outcomes