
Tech Tip : CA Single Sign-On : How to customize a virtual attribute in a federation with use of OIDC

    Broadcom Employee
    Posted Nov 20, 2018 05:14 AM

    Question:


    We're configuring SiteMinder as an OIDC Authorization Provider and have
    set a virtual user attribute to return a multivalued LDAP attribute.
    The claim associated with it presents the data separated by a caret, and
    we'd like to know how to modify the format of the response header.

    We've configured the virtual attribute in the Directory attribute
    mapping as :

     

    ENUMERATE(memberOf,STRING(RDN (STRING(%0),FALSE)))

     

    The values are retrieved, but the target server receives the information
    as:

     

    "groups":"My_First_Group^My_Second_Group".

     

    We'd like to know how to modify the answer to be

     

    "groups":["My_First_Group","My_Second_Group"].

     

    How can we do it ?

     

    Answer:

     

    Policy Server supports multi-values, but out of the box each value is
    separated from the next by a caret "^", and this is not
    configurable. It is suggested to use custom code to change it.

    If you need the ability to choose how multiple values are separated,
    we invite you to open an Enhancement Request by writing an Idea on the
    Security page:

     

    1. Go to the CA Security Overview Page :
    https://communities.ca.com/community/ca-security/ca-single-sign-on
    2. Click on the "Actions" drop-down menu and select "Create an
    idea."
    3. Give your idea a title and detailed description to encourage
    voting.
    4. Publish and vote on your idea!


    KB : KB000121383
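
One form the custom code mentioned in the answer can take, as an added example that is not part of the original post or of the product: the relying party splits the caret-joined claim into a list before any authorization check. It assumes the claims have already been parsed from a validated token; the function names, the "sub" value and the choice of "groups" as the only multi-valued claim are assumptions.

```python
import json

CARET = "^"  # separator Policy Server puts between multi-valued attribute values (per the post)


def split_multivalue(value):
    """Turn a caret-joined claim value into a list of individual values.

    A value that legitimately contains "^" cannot be told apart from a
    separator, so this only suits attributes whose values never contain it.
    """
    if isinstance(value, list):
        # Already an array (e.g. another provider): pass it through.
        return [str(v) for v in value]
    if not isinstance(value, str):
        raise TypeError("unexpected claim type: %s" % type(value).__name__)
    # Drop empty segments so "" or a trailing caret never yields a "" group.
    return [part.strip() for part in value.split(CARET) if part.strip()]


def normalize_claims(claims, multivalue_claims=("groups",)):
    """Return a copy of the claims with the listed claims converted to lists."""
    out = dict(claims)
    for name in multivalue_claims:
        if name in out:
            out[name] = split_multivalue(out[name])
    return out


def in_group(claims, group):
    """Exact whole-value membership test on the normalized list.

    Testing `group in raw_string` instead would also match substrings
    such as "First_Group" inside "My_First_Group".
    """
    return group in normalize_claims(claims).get("groups", [])


# Constructed sample payload; the group values are the ones shown in the post.
SAMPLE = json.loads('{"sub": "user1", "groups": "My_First_Group^My_Second_Group"}')

if __name__ == "__main__":
    print(json.dumps(normalize_claims(SAMPLE)))
```
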