Symantec Access Management

  • Private Community
 View Only

  • 1.  Active expression in affliate domain

    Posted Apr 04, 2017 03:51 AM

    I know we can set an active expression as the response attribute for policy domain. I want to know if I can set an active expression as an attribute for affliate domain as well. I know this can be done through AGP code, but I am not sure if there is any new feature that is available that makes this simpler. We would like to set the AD group a user is part of in the attribute.

     

    For an example, we need to identify the user membership and record in SAML. Generally, we use SmWalker library for normal web agent SSO applications but for Affiliate domains we use AGP.

     

    Is there feature which supports this without AGP library?



  • 2.  Re: Active expression in affliate domain

    Posted Apr 04, 2017 09:52 AM

    I dont find expression option available for Legacy Federation (Affliate domain) but we do have expression option for Partnership federation. It gives an option to construct the JUEL expressions and get the attributes which are required for the SAML Assertion.

     

    Below is one of the example for using JUEL Expressions.

    https://www.ca.com/us/services-support/ca-support/ca-support-online/knowledge-base-articles.tec1945124.html 

     

    Thanks,

    Sharan