Layer7 API Management

Hello 

 Can someone provide me info how to modify the policy to retrieve real values from LDAP Identity Provider for OTK User Attribute Look Up Extension.When I hit the /openid/connect/v1/userinfo it give me static profile 'darth'. I tried integrating the LDAP with OTK User Attribute Look Up Extension policy but no luck.

Please help.

Thanks,

Bhargavi.

Bhargavi,

The policy will need to be crafted so that the values that you pull back from the LDAP are set into the section in the /userinfo branch and the values for each match userinfo.*** context variable so the current.user.attributes context variable will be sent back properly. If you attach your policy please review the XML as the LDAP information will be copied through.

Sincerely,

Stephen Hughes

CA Support

Hi Stephen,

Thanks for the reply.

I have integrated with LDAP to the OTK attributes policy.

But  MAS response I still see some of the fields it throwing empty.

I found a documentation page which I believe is relevant here, it includes instructions for MAS to map fields for identity providers, which I think may be what you need to do in this case if it wasn't done already.

Documentation: Configure MAS Identity - CA Mobile App Services - 1.3 - CA Technologies Documentation 

Hi Dustin,

Thanks for the reply.

we tested with Android app and  getting proper results but not for IOS. its giving empty results for IOS.

what could be the reason?

Thanks,

Bhargavi.

Hi Bhargavi, what Mobile SDK version are you using for Android and iOS? I would check if this works with the latest one (1.8.0) if you are not using this already. See for documentation and download: CA Developers, Mobile SDK for CA Mobile API Gateway - CA Technologies 

To clarify, do you mean it wasn't mapped previously and after following that documentation, it now works as expected for Android but not yet for iOS?

No Dustin,

We didn't made any changes apart from integrated with LDAP to the OTK User attribute lookup policy.

My client didn't tested with Android before. 

Thanks,

Bhargavi

Good afternoon,

Were you able to resolve the issue that you were seeing or do you need additional assistance?

Sincerely,

Stephen Hughes

Broadcom Support

Hi Stephen,

Issue is resolved now.

I have added  LDAP query assertion to the policy and set context variables to it.

I have added below fields to  "set context variable userinfo.profile".

 "given_name":"${ldap_full_name[1]}",
 "family_name":"${ldap_full_name[0]}",
 "formattedName":"${ldap_full_name[1]} ${ldap_full_name[0]}",
 "nickname":"${ldap_full_name[0]}",
 "employeeID":"${ldap_sap_id}",
 "preferred_username":"${given_username}"

By adding "given_name" in this format mas sdk could able to read the field on both IOS and Android.

Thanks,

Bhargavi.