Symantec Access Management

  • 1.  add a new SAML Attribute out of cookie

    Posted Jun 06, 2018 04:27 PM

    Hi All,

     

    I think many of you have already faced this problem. We have a requirement where we need to send a SAML attribute to our Service Provider (we act as IDP). This attribute is called CURRENTUSERCODE; it is not part of the user directory we use, but it is available to us as part of a cookie. We want to use this cookie to create a SAML attribute and send it over to our SP.

     

    Is there an out-of-the-box solution available, or do we need to create an Assertion Generator Plug-in? If we have to use an assertion generator plug-in, can someone please provide a sample they have implemented that we can use?

     

    Thank you.



  • 2.  Re: add a new SAML Attribute out of cookie
    Best Answer

    Posted Jun 08, 2018 06:33 AM

    Hi Vikas,

     

    If the attribute is available as a cookie, then I don't think even the Assertion Generator Plug-in has an option to read the cookie.

     

    Below are options you could try:

    --- Method #1
    Write an Assertion Generator Plugin (AGP) which makes a web service call to retrieve the additional attribute values from a third-party store, then injects them into the assertion.

    --- Method #2
    Send the user to an intermediate protected resource which uses the session store. Store the additional data in the session store. When you go to federation, pull the data from the session store and insert it into the assertion.

     

    Hope this helps.

     

    Thanks,
    Sharan
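
The injection step of Method #1, as an added example that is not part of the original posts and not code from the product SDK: a helper a plug-in could call once its server-side lookup has returned the value. It assumes the plug-in is handed the unsigned assertion as an XML string; the class name, the value pattern and the sample assertion are constructed for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class AssertionAttributeInjector {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assumed value format; tighten it to what CURRENTUSERCODE really looks like.
    static final Pattern SAFE_VALUE = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    /** Returns the assertion with one extra Attribute; call it before the assertion is signed. */
    static String addAttribute(String assertionXml, String name, String value) throws Exception {
        if (value == null || !SAFE_VALUE.matcher(value).matches())
            throw new IllegalArgumentException("rejected value for " + name);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(assertionXml)));
        Element root = doc.getDocumentElement();
        String p = root.getPrefix() == null ? "" : root.getPrefix() + ":"; // reuse the assertion's own prefix
        // Reuse the AttributeStatement if the assertion already has one, otherwise append a new one.
        Element stmt = (Element) root.getElementsByTagNameNS(SAML_NS, "AttributeStatement").item(0);
        if (stmt == null)
            stmt = (Element) root.appendChild(doc.createElementNS(SAML_NS, p + "AttributeStatement"));
        Element attr = doc.createElementNS(SAML_NS, p + "Attribute");
        attr.setAttribute("Name", name);
        Element val = doc.createElementNS(SAML_NS, p + "AttributeValue");
        val.setTextContent(value); // text is escaped when the DOM is serialized
        attr.appendChild(val);
        stmt.appendChild(attr);
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion and value; a real plug-in gets the value from its lookup.
        String sample = "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\" ID=\"_constructed\" Version=\"2.0\"><saml:Subject><saml:NameID>user1</saml:NameID></saml:Subject></saml:Assertion>";
        System.out.println(addAttribute(sample, "CURRENTUSERCODE", "UC-10427"));
    }
}
```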