Symantec Access Management

Hi,

I have a response with <%userattr="memberof" %>

Pulled out AD of user group1^group2^group3^

The user has 20 groups. 

It works perfectly in SM 12.0x environment.

But when we move to 12.7 environment. Only 1 group is pulled out. Sometimes no group is pulled out.

Is it a known problem?

Is it a configuration problem? Or something Internal? Can you point us some direction for further investigation?

Thanks and regards,
Eric

Hi Eric,

Have you tried using memberOf rather than memberof? 

There was a bug with 12.7SP2 where this was made unintentionally case sensitive. I am not sure if it also was in older releases. It is fixed in code and will be in the next release.

Can I suggest you try using memberOf? If this works and you are happy with the work around then personally, I would wait for the next release. There is a dev fix which might fix this for you (sorry, I am unaware of the full details of either your situation or the defect so cannot say for certain) then log a case with support and mention that it sounds like DE356875 (or just refer to this thread ).

Thanks, Simon.

Thank you.

Have logged a case

Hi Eric,

Refer : SSO R12.52 SP1 CR08 Issue with retrieving attribu - CA Knowledge 

This is caused by a known Defect where the lookup for the user attribute was case sensitive.

Regards,

Leo Joseph.

Hi ,

Per Simon , we had a defect reported for the attribute being case sensitive.

However, from your Description, you mentioned that one Group is returned and sometimes none.

if you were hitting the Defect, Then no groups should be returned at all .

For this, within the CA Support Case, they will be able to analyze the logs and see what is happening 

Regards 

Joe 

wirks now using memberOf