Symantec Access Management

  • 1.  Issue with the assertion generator plugin

    Posted Feb 02, 2016 08:18 AM

    Hi All,

     

    We have an application which does not allow users with IDs containing "$". In order to bypass this, we have configured the assertion generator plugin to replace "$" with "0". This works fine and we are able to see that "$" is being replaced with "0". But this happens only for one attribute in the assertion; the other attributes which are configured to use uid still contain the "$". Is there a way to achieve this so that the plugin replaces the character in each attribute where uid is configured to be used?



  • 2.  Re: Issue with the assertion generator plugin

    Broadcom Employee
    Posted Feb 02, 2016 01:49 PM

    If I understand you correctly, you currently have an application written using the Assertion Generator Plugin (AGP) that parses the input assertion, finds a particular attribute, and replaces the "$" in it with a "0". The AGP only has one method, customizeAssertion(). It takes the entire assertion in as input, but you need to parse through it to get the other attributes you want to change. There is no specialized method that will do this.



  • 3.  Re: Issue with the assertion generator plugin

    Posted Feb 03, 2016 07:20 AM

    Hi Sandra,

     

    Thanks for your response. I am not sure if we are using a customized assertion generator plugin, and I don't have much info on this. But the configuration which was done in the partnership is as below:

    Unspecified
    User Attribute
    SAMACCOUNTNAME
    No
    com.netegrity.assertiongenerator.SAML2AssertionNameIdSub
    replace_char=$;substitute_char=0;

     

    And we have other attributes configured after this setting which are mapped to SAMACCOUNTNAME. When the assertion gets generated, it replaces only one attribute with 0, and the rest of the attributes which use SAMACCOUNTNAME contain $. Does this require us to create a customized assertion generator plugin, or is there something provided within the product to overcome this issue?



  • 4.  Re: Issue with the assertion generator plugin

    Posted Feb 04, 2016 04:17 PM

    You need to look at the Java code inside the file "SAML2AssertionNameIdSub.java" (unjar/unzip the file SAML2AssertionNameIdSub.jar) to understand how it's replacing the character.

    Probably, it's just looking at and working on the first instance of "replace_char" and then exiting.

     

    You might have to repurpose/extend the Java code to look into all attributes in order to achieve the desired results.
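
What replies 2 and 4 describe, parsing the whole assertion and applying the substitution to every value rather than to one, is shown below as an added example; it is not part of the thread and is not the product's SAML2AssertionNameIdSub code. The class `AssertionCharSub`, the method `substitute` and the sample assertion are hypothetical; a custom plugin would call such a helper from its own customizeAssertion() implementation.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper (not the product's SAML2AssertionNameIdSub source).
public class AssertionCharSub {
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Replace `find` with `sub` in the NameID and in every AttributeValue.
    static String substitute(String assertionXml, String find, String sub) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The assertion is XML input: refuse DTDs so the parse cannot resolve external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(assertionXml)));
        for (String tag : new String[] {"NameID", "AttributeValue"}) {
            NodeList nodes = doc.getElementsByTagNameNS(SAML_NS, tag);
            for (int i = 0; i < nodes.getLength(); i++) {
                String text = nodes.item(i).getTextContent();
                if (text.contains(find)) nodes.item(i).setTextContent(text.replace(find, sub));
            }
        }
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample assertion; the user and attribute names are made up.
        String in = "<saml:Assertion xmlns:saml=\"" + SAML_NS + "\">"
            + "<saml:Subject><saml:NameID>svc$acct</saml:NameID></saml:Subject>"
            + "<saml:AttributeStatement>"
            + "<saml:Attribute Name=\"uid\"><saml:AttributeValue>svc$acct</saml:AttributeValue></saml:Attribute>"
            + "<saml:Attribute Name=\"login\"><saml:AttributeValue>svc$acct</saml:AttributeValue></saml:Attribute>"
            + "</saml:AttributeStatement></saml:Assertion>";
        System.out.println(substitute(in, "$", "0"));
    }
}
```

Mapping "$" to "0" can make two distinct user IDs arrive at the application as the same value (for example `a$b` and `a0b`), so check the directory for such pairs before relying on the substitution.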



  • 5.  Re: Issue with the assertion generator plugin

    Posted Feb 04, 2016 03:40 PM

    So your screenshot shows you did configure the AGP.
    (If you empty the plugin field and its parameter field then you will get the untouched assertion.)
    For AGP, you need to find out who compiled the plugin and check with that person about what you want to achieve.