Is it possible to validate an attribute from a header, say an email address from a form, validate it against the domain, i.e. "@xyz.com", and redirect to a different URI?
For example: if the user is from xyz, validate the header from the onauthattempt event in the response and redirect to another URI.
If it's possible, how do I write a query for that in a response expression?
Could someone give some points on this?
Yes, this can be achieved by writing an expression under the Users tab in the Policy, along with a "Webagent-OnAccept-Redirect" Response, as below:
Policy > Users > User Directory > Add Entry > switch Expression Editor Option to Expression Builder
Create a response to redirect to a specific URL based on the policy decision.
This was helpful.
But what I am looking for is to get the mail attribute onAttempt, that is, even before validating.
The user will be provided with a login page with only an email field, and that user may or may not be in the user directory. On entering the email and clicking on login, the user should be redirected to a different SAML URI, where the user will be authenticated at their IdP. The SP will be on my end.
For example: if the user uses firstname.lastname@example.org, I should validate it against somedomain.com from the header and pass it through the response to redirect to another SAML URI.
As there is no validation to do at the Policy Server/user directory at this stage, this can be achieved by using a piece of JavaScript on the login page to validate the email and redirect it to the appropriate URL. You can also capture the Target URL (originally accessed) and pass it along to the SP, depending on your requirement.
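The client-side routing suggested in the answer above could look like the following sketch, which is an added example and not part of the original post or any vendor-supplied code. The route table, the `sp.example.com` URLs, the form element ids, and the `TARGET` and `RelayState` parameter names are assumptions; the redirect destinations come only from a fixed allowlist, and the captured target is kept only when it stays on the SP's own origin.

```javascript
// Added example: hosts, URLs and element ids below are constructed placeholders.
const IDP_ROUTES = new Map([
  ["xyz.com", "https://sp.example.com/saml/login/xyz"],
  ["somedomain.com", "https://sp.example.com/saml/login/somedomain"],
]);
const SP_ORIGIN = "https://sp.example.com"; // assumed origin of the protected apps

// Return the lower-cased domain of a syntactically plausible address, else null.
function emailDomain(email) {
  if (typeof email !== "string" || email.length > 254) return null;
  const m = /^[^\s@]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$/.exec(email.trim());
  return m ? m[1].toLowerCase() : null;
}

// Keep the originally requested URL only if it resolves to our own origin,
// so the login page cannot be used as an open redirector.
function safeTarget(target) {
  if (!target) return null;
  try {
    const u = new URL(target, SP_ORIGIN);
    return u.origin === SP_ORIGIN ? u.pathname + u.search : null;
  } catch {
    return null;
  }
}

// Build the redirect URL, or null when the domain has no configured IdP route.
function resolveRedirect(email, target) {
  const base = IDP_ROUTES.get(emailDomain(email));
  if (!base) return null;
  const url = new URL(base);
  const t = safeTarget(target);
  if (t) url.searchParams.set("RelayState", t);
  return url.toString();
}

// Browser wiring (skipped when the file is run outside a browser).
if (typeof document !== "undefined") {
  document.getElementById("loginForm").addEventListener("submit", (e) => {
    e.preventDefault();
    const target = new URLSearchParams(location.search).get("TARGET");
    const dest = resolveRedirect(document.getElementById("email").value, target);
    if (dest) location.assign(dest);
    else document.getElementById("error").textContent = "Unknown email domain.";
  });
}
```

The typed email here only selects which IdP to send the user to; the user's identity is established solely by the SAML assertion the SP validates afterwards.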
Thank you mutas02 (Ashok).