Symantec Access Management


Using Expression in a Federation Partnership

  • 1.  Using Expression in a Federation Partnership

    Posted 08-14-2017 09:47 AM

    How can we make use of the Type 'Expression' while configuring 'Assertion Attributes' in a Federated Partnership?

     

    e.g.

    If we refer to the below post, which talks about sending only the value 'Adminprofile_ABC' out of "cn=Adminprofile_ABC,dc=ca,dc=com" in the Response as an HTTP header.

     

    Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..  

     

    If the attribute name is 'member' in the User Directory, how can the Expression be used to achieve the same in a Federation Partnership, i.e. configuring and sending only the cn value in the SAML assertion?

    (In the User Directory, the 'member' attribute has the value "cn=Adminprofile_ABC,dc=ca,dc=com".)

     

    Regards,

    Anurag



  • 2.  Re: Using Expression in a Federation Partnership
    Best Answer

     
    Posted 08-14-2017 10:48 AM

    cn=Adminprofile_ABC,dc=ca,dc=com

    You would need an expression something like this.

     AFTER(AFTER(member,'cn'),'=')

     

    Examples:

    username@region.company.com - (BEFORE(AFTER(userprincipalname,'@'),'.')+"-"+uid) becomes region-username

     

    1. Create a named expression #MyExpression with your expression syntax
    2. Create an attribute mapping which calls your named expression
    3. In your partnership for the name attribute, you can reference a user attribute and call your attribute mapping.
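
An added example, not part of the original thread or the product's code: a small Python model for checking what an expression would place in the assertion before the named expression is created. It assumes `AFTER` and `BEFORE` split on the first occurrence of the delimiter, as the region-username example in the answer implies. The `cn_only` variant and the `looks_like_bare_cn` check are hypothetical additions for illustration.

```python
# Assumed semantics (inferred from the thread's region-username example):
# AFTER/BEFORE split on the FIRST occurrence of the delimiter. Returning ""
# when the delimiter is absent is this model's assumption, not product behavior.

def AFTER(value, delim):
    _, sep, tail = value.partition(delim)
    return tail if sep else ""

def BEFORE(value, delim):
    head, sep, _ = value.partition(delim)
    return head if sep else ""

# Constructed sample record built from the values quoted in the thread.
USER = {
    "member": "cn=Adminprofile_ABC,dc=ca,dc=com",
    "userprincipalname": "username@region.company.com",
    "uid": "username",
}

def upn_example(user):
    # (BEFORE(AFTER(userprincipalname,'@'),'.')+"-"+uid)
    return BEFORE(AFTER(user["userprincipalname"], "@"), ".") + "-" + user["uid"]

def cn_as_posted(user):
    # AFTER(AFTER(member,'cn'),'=')
    return AFTER(AFTER(user["member"], "cn"), "=")

def cn_only(user):
    # Hypothetical extension: BEFORE(AFTER(AFTER(member,'cn'),'='),',')
    return BEFORE(cn_as_posted(user), ",")

def looks_like_bare_cn(value):
    """Pre-deployment check: a bare CN is non-empty and carries no DN syntax."""
    return bool(value) and "=" not in value and "," not in value

if __name__ == "__main__":
    for fn in (upn_example, cn_as_posted, cn_only):
        out = fn(USER)
        print(f"{fn.__name__:13} -> {out!r}  bare_cn={looks_like_bare_cn(out)}")
```

Under the assumed semantics, the nested `AFTER` form still carries the `,dc=ca,dc=com` suffix, so the service provider would receive more than the CN unless the result is also cut at the first comma.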