Symantec Access Management

  • 1.  Multivalue attribute wants to send as comma separated

    Posted Feb 19, 2019 01:22 PM

    Hi,

    I have to send the attribute value as a comma-separated group.

    Use case is:

    If a user is part of two groups, those group names have to be sent in the attribute value. I tried this expression but am getting the same expression in the attribute value.

    TRANSLATE((Filter(ENUMERATE(Get('isMemberOf'), STRING(RDN(STRING(%0), TRUE))),'*')),'^,',')

    Output should be as below:

    <ns2:Attribute Name="GROUPS" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <ns2:AttributeValue>group1,group2</ns2:AttributeValue>
    </ns2:Attribute>


    Note: If a user is part of one group alone, it has to send only one group in the attribute value.

    Please suggest on this.



  • 2.  Re: Multivalue attribute wants to send as comma separated

    Posted Feb 20, 2019 11:38 AM

    Hi HubertDennis

     

    I have tried the thread "CA SSO : Is there a way we can separate multi valued attribute using comma (,) instead of caret (^)?" and used the below expression, but it didn't work.

    I tried with the given expression.

    Since we are using ODSEE, I have changed SM_USERNESTEDGROUPS to Get('isMemberOf')

     

    TRANSLATE(ENUMERATE(Get('isMemberOf'), STRING(RDN(STRING(%0), FALSE))),'^',',',TRUE)

     

    I am getting this same expression in the SAML response. Could you tell me if I am making any mistake here?

    Please provide the suggestion, as it is needed a little bit faster.

     

    Thanks in advance. 



  • 3.  Re: Multivalue attribute wants to send as comma separated

    Broadcom Employee
    Posted Feb 22, 2019 06:09 PM

    Hi Karthik,

     

    The FMATTR prefix can be used to change the delimiter for multi-valued assertion attributes from carets to commas.  Details are in the following knowledge document:

     

    Multi-Value SAML Assertion Attribute Format

     

    Regards,

    Pete



  • 4.  Re: Multivalue attribute wants to send as comma separated

    Posted Feb 26, 2019 11:39 AM

    Hi Pete_Burant

     

    Thanks for sharing the link.
    The given link mentions: if MailA1 is the assertion attribute name and Email is the directory attribute that contains the values, setting the assertion attribute Value to FMATTR:Email will result in comma-delimited values on a single line as follows:

    Actually, in our directory we have two groups called group1 and group2. The display names of the groups are different.
    Both groups have users. If I keep FMATTR:isMemberof, the result is shown as a single line.


    <ns2:Attribute Name="testgroups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
                    <ns2:AttributeValue>group1</ns2:AttributeValue>
                    <ns2:AttributeValue>group2</ns2:AttributeValue>
                </ns2:Attribute>
            </ns2:AttributeStatement>
        </ns2:Assertion>

    If a user is part of both groups, how do I send both groups comma-separated?
    Please suggest.
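
The two encodings quoted in this thread, handled on the receiving side, as an added example that is not part of any post above or of the product's own code: a Python sketch in which a service provider reads the group attribute whether it arrives as one delimiter-joined AttributeValue or as one AttributeValue per group. The function name, the constructed sample XML and the assumption that the assertion's signature was already verified are this example's own.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 assertion namespace (the "ns2" prefix in the thread's output).
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTRIBUTE_TAG = "{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"


def attribute_values(xml_text, name, delimiters=",^"):
    """Return the distinct values of SAML attribute `name`, in document order.

    Assumption: xml_text comes from an assertion whose signature has
    already been verified; this function only normalizes the values.
    """
    root = ET.fromstring(xml_text)
    # The Attribute may be the root itself or nested inside a statement.
    attributes = [root] if root.tag == ATTRIBUTE_TAG else []
    attributes += root.findall(".//saml:Attribute", NS)
    values = []
    for attribute in attributes:
        if attribute.get("Name") != name:
            continue
        for node in attribute.findall("saml:AttributeValue", NS):
            parts = [node.text or ""]
            # Split on every configured delimiter (comma and caret by default).
            for delimiter in delimiters:
                parts = [piece for part in parts for piece in part.split(delimiter)]
            for piece in (p.strip() for p in parts):
                if piece and piece not in values:
                    values.append(piece)
    return values


# Constructed samples modelled on the two outputs quoted in the thread.
DECL = 'xmlns:ns2="urn:oasis:names:tc:SAML:2.0:assertion"'
JOINED = (f'<ns2:Attribute {DECL} Name="GROUPS">'
          "<ns2:AttributeValue>group1,group2</ns2:AttributeValue>"
          "</ns2:Attribute>")
SEPARATE = (f'<ns2:AttributeStatement {DECL}><ns2:Attribute Name="testgroups">'
            "<ns2:AttributeValue>group1</ns2:AttributeValue>"
            "<ns2:AttributeValue>group2</ns2:AttributeValue>"
            "</ns2:Attribute></ns2:AttributeStatement>")

if __name__ == "__main__":
    print(attribute_values(JOINED, "GROUPS"))
    print(attribute_values(SEPARATE, "testgroups"))
```

Pass `delimiters=""` when the values are full DNs: a DN contains commas, so splitting is only unambiguous for short names such as the RDN values the posts are trying to send.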