Symantec Access Management


Multivalue attribute wants to send as comma separated

  • 1.  Multivalue attribute wants to send as comma separated

    Posted 02-19-2019 01:22 PM


    I have to send the attribute value as comma-separated groups.

    Use case is:

    If a user is part of two groups, those group names have to be sent in the attribute value. I tried this expression but am getting the same expression in the attribute value.

    TRANSLATE((Filter(ENUMERATE(Get('isMemberOf'), STRING(RDN(STRING(%0), TRUE))),'*')),'^,',')

    Output should be as below:

    <ns2:Attribute Name="GROUPS" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

    Note: If the user is part of one group alone, it has to send one group only in the Attribute value.

    Please suggest on this.

  • 2.  Re: Multivalue attribute wants to send as comma separated

    Posted 02-20-2019 11:38 AM

    Hi HubertDennis


    I have tried the thread "CA SSO: Is there a way we can separate multi valued attribute using comma (,) instead of caret (^)?" and used the below expression, but it didn't work.

    I tried with the given expression. 

    Since we are using ODSEE, I have changed SM_USERNESTEDGROUPS to Get('isMemberOf')




    I am getting this same expression in the SAML response. Could you suggest if I am making any mistake here?

    Please provide the suggestion, as it is needed a little bit faster.


    Thanks in advance. 

  • 3.  Re: Multivalue attribute wants to send as comma separated

    Broadcom Employee
    Posted 02-22-2019 06:09 PM

    Hi Karthik,


    The FMATTR prefix can be used to change the delimiter for multi-valued assertion attributes from carets to commas.  Details are in the following knowledge document:


    Multi-Value SAML Assertion Attribute Format




  • 4.  Re: Multivalue attribute wants to send as comma separated

    Posted 02-26-2019 11:39 AM

    Hi Pete_Burant


    Thanks for sharing the link.
    In the given link, it is mentioned that if MailA1 is the assertion attribute name and Email is the directory attribute that contains the values, setting the assertion attribute Value to FMATTR:Email will result in comma-delimited values on a single line as follows:

    Actually, in our directory we have two groups called group1 and group2. The display names of the groups are different.
    Both groups have users. If I keep FMATTR:isMemberof, the result is shown as a single line.

    <ns2:Attribute Name="testgroups" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

    If the user is part of both groups, how do I send both groups comma separated?
    Please suggest.
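
The transformation this thread is asking for (the leftmost RDN of each isMemberOf value, joined into one comma-separated GROUPS attribute value), as an added Python example that is not part of any post and is not CA SSO expression or FMATTR syntax. The sample DNs, the function names and the choice to reject group names that contain the separator are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed sample isMemberOf values (not taken from the thread).
SAMPLE_MEMBER_OF = [
    "cn=group1,ou=Groups,dc=example,dc=com",
    "cn=group2,ou=Groups,dc=example,dc=com",
]

def first_rdn_value(dn):
    """Value of the leftmost RDN, honouring backslash escapes (RFC 4514)."""
    # Take everything up to the first comma that is not backslash-escaped.
    rdn = re.match(r"((?:\\.|[^,\\])*)", dn).group(1)
    value = rdn.partition("=")[2]
    # Decode \XX hex pairs (ASCII, e.g. \2C) and \<char> escapes in one pass.
    def unescape(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", unescape, value).strip()

def groups_attribute(member_of, name="GROUPS", sep=","):
    """Build one Attribute whose single AttributeValue lists every group."""
    names = [first_rdn_value(dn) for dn in member_of if dn.strip()]
    # A group name containing the separator would be split into two groups
    # by the relying party, so refuse to emit an ambiguous value.
    clash = [n for n in names if sep in n]
    if clash:
        raise ValueError(f"group name contains {sep!r}: {clash}")
    attr = ET.Element(f"{{{SAML_NS}}}Attribute", Name=name, NameFormat=UNSPECIFIED)
    ET.SubElement(attr, f"{{{SAML_NS}}}AttributeValue").text = sep.join(names)
    return attr

def split_groups(attr, sep=","):
    """Relying-party side: recover the group list from the single value."""
    value = attr.find(f"{{{SAML_NS}}}AttributeValue").text or ""
    return [g for g in value.split(sep) if g]

if __name__ == "__main__":
    ET.register_namespace("ns2", SAML_NS)
    print(ET.tostring(groups_attribute(SAMPLE_MEMBER_OF), encoding="unicode"))
```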