
Some extra help with SiteMinder expression attribute

Question asked by dmt953 on Jun 23, 2018
Latest reply on Oct 24, 2018 by idamguy

Hello Everyone,

 

I have been monkeying around for the past week, tweaking all the different possible ways of trying to accomplish this, and folks here have helped me get quite far, but I am just about there.

 

What I need is to pass one SAML attribute which will contain only one of several possible user role values.

 

A) pass a SAML attribute named "UserRole"

B) Evaluate the user's "memberOf" AD attribute to see which of these three AD groups the user belongs to and pass a corresponding role name:

(1) if user is member of AD group "org_manager" -> pass this role name value: "admin-user"

(2) if user is member of AD group "org_developer" -> pass this role value: "power-user"

(3) if user is member of AD group "org_employee" -> pass this role value: "user"

 

This expression works for me: GET('memberOf') CONTAINS ('org_manager') ? "admin-user" : ""

 

So with that expression I can pass the role value of "admin-user" in the SAML attribute if the user is a member of the "org_manager" AD group, but what if the user is a member of "org_developer", for which I would need to pass the corresponding role value of "power-user" instead, and likewise if the user is a member of "org_employee", then I would need to pass the role value of "user".

 

I need to add onto this expression, GET('memberOf') CONTAINS ('org_manager') ? "admin-user" : "", so that it will evaluate the two other possible AD groups from memberOf, something like this:

 

GET('memberOf') CONTAINS ('org_manager') ? "admin-user" : "" + CONTAINS ('org_developer') ? "power-user" : "" + CONTAINS ('org_employee') ? "user" : ""

 

 

Would very much appreciate any help on figuring this out.

 

Thank you!
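
The mapping described in the question, as an added example in Python that is not part of the original post and is not SiteMinder expression syntax: it returns exactly one role by precedence and compares exact CN matching with a substring test of the kind CONTAINS appears to apply to memberOf. The precedence order (highest privilege first), the sample DNs and the org_manager_interns group are assumptions constructed for illustration.

```python
# Added example: models the group-to-role mapping from the question.
# Precedence order and the sample DNs below are assumptions (constructed).
import re

# Highest-privilege group first; the first match wins, so one role is sent.
ROLE_PRECEDENCE = [
    ("org_manager", "admin-user"),
    ("org_developer", "power-user"),
    ("org_employee", "user"),
]


def group_cns(member_of):
    """Extract the leading CN of each DN in a list of memberOf values."""
    cns = set()
    for dn in member_of:
        m = re.match(r"\s*CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
        if m:
            cns.add(m.group(1).strip().lower())
    return cns


def role_exact(member_of):
    """Return one role by exact CN match, or "" when no group matches."""
    cns = group_cns(member_of)
    for group, role in ROLE_PRECEDENCE:
        if group in cns:
            return role
    return ""


def role_substring(member_of):
    """Substring test over the joined values, in the same precedence order."""
    joined = ";".join(member_of)  # separator is arbitrary for this model
    for group, role in ROLE_PRECEDENCE:
        if group in joined:
            return role
    return ""


# Constructed sample users.
BOTH = ["CN=org_employee,OU=Groups,DC=example,DC=com",
        "CN=org_manager,OU=Groups,DC=example,DC=com"]
LOOKALIKE = ["CN=org_manager_interns,OU=Groups,DC=example,DC=com",
             "CN=org_employee,OU=Groups,DC=example,DC=com"]

if __name__ == "__main__":
    for name, groups in (("both", BOTH), ("lookalike", LOOKALIKE)):
        print(name, role_exact(groups), role_substring(groups))
```

With a substring test, a group whose name merely begins with "org_manager" yields "admin-user", so the role groups need names that are not substrings of any other group name, or the match has to be made on the full DN.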
