Layer7 API Management

Expand all | Collapse all

LDAP identity provider built-in attributes

Jump to Best Answer
  • 1.  LDAP identity provider built-in attributes

    Posted 06-30-2017 06:07 AM



    For one of our customers we need to extract the department attribute from our active directory using the Authenticate Against Identity Provider/Extract Attributes for Authenticated User assertions.
    As I understand, the "Department" attribute is a built-in predefined attribute. Unfortunately, the corresponding context variable authenticatedUser.department is empty, although we have a "department" attribute filled in in our AD directory. All other context variables in the example below are filled with the correct values. Can someone clarify which LDAP attribute is referenced by the built-in "Department" attribute? CA API gateway verrsion is 9.1 build 6342. Thanks in advance.


  • 2.  Re: LDAP identity provider built-in attributes
    Best Answer

    Posted 08-02-2017 07:30 PM

    We tested what you had outlined and found that it would not accept the built in one but it would work if you set it up as a custom attribute.





    Stephen Hughes

    Director, CA Support