
Expression in Federation to add @xyz.com after uid

Question asked by ChristJS on Jan 3, 2019
Latest reply on Jan 7, 2019 by ChristJS

Dear All,

Wish you all a Very Happy and Prosperous New Year 2019.

HubertDennis

Here is my question.

I am trying to add a string "@xyz.com" after uid.

1. I have created an expression and used that expression in the user directory, as suggested in various threads.

2. I have used the expression name from the user directory in the federation Assertion Attribute as below.

But still I am not able to get what I am looking for, that is (uid@xyz.com).

How can I get this manipulated and passed into the assertion?

And below is the log I see, which is empty.

</ds:Signature>
<ns2:Subject>
<ns2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">josch@****.**</ns2:NameID>
<ns2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<ns2:SubjectConfirmationData NotOnOrAfter="2019-01-03T08:19:48Z" Recipient="https://login.microsoftonline.com/login.srf"/>
</ns2:SubjectConfirmation>
</ns2:Subject>
<ns2:Conditions NotBefore="2019-01-03T08:17:48Z" NotOnOrAfter="2019-01-03T08:19:48Z">
<ns2:OneTimeUse/>
<ns2:AudienceRestriction>
<ns2:Audience>urn:federation:MicrosoftOnline</ns2:Audience>
</ns2:AudienceRestriction>
</ns2:Conditions>
<ns2:AuthnStatement AuthnInstant="2019-01-03T08:18:18Z" SessionIndex="6DlqRYL6Ct0N6mkpMsQ5lZX1FcY=5GZC9A==" SessionNotOnOrAfter="2019-01-03T08:19:48Z">
<ns2:AuthnContext>
<ns2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</ns2:AuthnContextClassRef>
</ns2:AuthnContext>
</ns2:AuthnStatement>
<ns2:AttributeStatement>
<ns2:Attribute Name="EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>josch@***.xx</ns2:AttributeValue>
</ns2:Attribute>
<ns2:Attribute Name="UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue/>
</ns2:Attribute>
<ns2:Attribute Name="ImmutableID" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>josch</ns2:AttributeValue>
</ns2:Attribute>
<ns2:Attribute Name="First name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>Joseph</ns2:AttributeValue>
</ns2:Attribute>
<ns2:Attribute Name="Last name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>Christie</ns2:AttributeValue>
</ns2:Attribute>
<ns2:Attribute Name="username" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>josch</ns2:AttributeValue>
</ns2:Attribute>
</ns2:AttributeStatement>
</ns2:Assertion>

In the logs, the UPN value is empty and nothing is passed to the assertion.

Any clue or suggestion will be really great.

PS: I have referred to the following threads before posting this question here.

https://communities.ca.com/thread/241738164

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/attributes-and-expressions-reference/

https://communities.ca.com/thread/241751620
https://communities.ca.com/thread/241782406-using-expression-in-a-federation-partnership
https://communities.ca.com/thread/100045213
https://communities.ca.com/thread/241738111
