Symantec Access Management

Tech Tip: CA Single Sign-On: How to transform the value of an octet attribute from Active Directory?

    Broadcom Employee
    Posted Jan 10, 2018 03:13 AM

    Question:


    We're sending a User Attribute in a Response. The Attribute we use is objectGUID from Active Directory. The problem is that the browser receives the Attribute value as an octet. This is because the Active Directory stores it as an octet.

    Then, the response the browser receives from SSO in the HTTP header is

    GUID=)%uffdd%06%3d%uffdd%24%uffdd%40%uffddD%18A%uffdd%uffdd%03%05

    How can we make this value a String?

    Answer:

    You have to convert the value at the Policy Server level first. We do not provide out-of-the-box functionality to transform an Attribute value from Octet to String. However, you can use an Active Expression as the Response and put Java code in it that will do the conversion for you.

    Find a sample below; there are many others on the Internet:

    https://stackoverflow.com/questions/10326900/how-to-convert-an-octet-string-to-readable-string

    On the Policy Server side, you have to run your own code to make the transformation and send the value as a string to the browser.

    KB : TEC1941159
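
One way to write the conversion step described above, as an added example (not code from the original post, the linked sample, or the CA SSO SDK). The class and method names are hypothetical, the sample bytes are constructed, and wiring the method into an Active Expression is not shown; it assumes your code receives the attribute as the raw 16 bytes.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.UUID;

// Added example: hypothetical helper, not part of the CA SSO SDK.
public final class ObjectGuidFormatter {

    private ObjectGuidFormatter() { }

    /**
     * Converts the raw 16-byte objectGUID into the canonical 8-4-4-4-12
     * GUID string. Active Directory stores the first three fields
     * little-endian and the final 8 bytes in display order.
     */
    public static String toGuidString(byte[] raw) {
        if (raw == null || raw.length != 16) {
            // Fail closed: never emit a truncated or padded identifier
            // into a response header that applications will trust.
            throw new IllegalArgumentException("objectGUID must be exactly 16 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        long data1 = buf.getInt() & 0xFFFFFFFFL;   // 4 bytes, little-endian
        long data2 = buf.getShort() & 0xFFFFL;     // 2 bytes, little-endian
        long data3 = buf.getShort() & 0xFFFFL;     // 2 bytes, little-endian
        buf.order(ByteOrder.BIG_ENDIAN);
        long data4 = buf.getLong();                // 8 bytes, stored order
        return new UUID((data1 << 32) | (data2 << 16) | data3, data4).toString();
    }

    /** Plain hex of the bytes in stored order; output is always ASCII. */
    public static String toHex(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) {
            sb.append(String.format("%02x", b & 0xFF));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample value, not taken from a real directory.
        byte[] sample = {
            0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
            (byte) 0x88, (byte) 0x99, (byte) 0xAA, (byte) 0xBB,
            (byte) 0xCC, (byte) 0xDD, (byte) 0xEE, (byte) 0xFF
        };
        System.out.println("GUID=" + toGuidString(sample));
        System.out.println("HEX=" + toHex(sample));
    }
}
```

Both forms contain only ASCII hex digits and hyphens, so the header value reaches the browser without the escaped bytes seen in the question.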