Message Image

Skip main navigation (Press Enter).

Symantec Access Management

View Only

Back to discussions

Expand all | Collapse all

Using Expression in a Federation Partnership

Jump to Best Answer

K.AnuragAug 14, 2017 09:47 AM

How can we make use of the Type 'Expression' while configuring 'Assertion Attributes' in a Federated ...

Legacy UserAug 14, 2017 10:48 AMBest Answer

cn=Adminprofile_ABC,dc=ca,dc=com You would need an expression something like this. AFTER(AFTER(member,'cn'),'=') ...

1. Using Expression in a Federation Partnership

0 Recommend
K.Anurag
Posted Aug 14, 2017 09:47 AM

Reply Reply Privately
How can we make use of the Type 'Expression' while configuring 'Assertion Attributes' in a Federated Partnership ?

e.g.
if we refer to the below post which talks about sending only the value 'Adminprofile_ABC' out of the "cn=Adminprofile_ABC,dc=ca,dc=com", in Response as a http header.

Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

If the attribute name is 'member' in User Directory, how the Expression can be used to achieve the same in Federation Partnership i.e. configuring and sending only cn value in SAML assertion ?
(in User Directory, 'member' attribute is having value "cn=Adminprofile_ABC,dc=ca,dc=com" )

Regards,
Anurag
2. Re: Using Expression in a Federation Partnership
Best Answer

0 Recommend
Legacy User
Posted Aug 14, 2017 10:48 AM

Reply Reply Privately
cn=Adminprofile_ABC,dc=ca,dc=com
You would need an expression something like this.
AFTER(AFTER(member,'cn'),'=')

Examples:
username@region.company.com - (BEFORE(AFTER(userprincipalname,'@'),'.')+"-"+uid) becomes region-username

Create a named expression #MyExpression with your expression syntax
Create an attribute mapping which calls your named expression
In your partnership for the name attribute, you can reference a user attribute and call your attribute mapping.

Copyright 2019. All rights reserved.

Powered by Higher Logic