Symantec Access Management

  • 1.  Need help on SiteMinder SAML expression

    Posted 01-23-2019 07:11 AM

    Hi, 

    I have to create send the SAML response with alternate email attribute value, if original mail attribute value is null. 

    Ex: If LDAP attribute "mail" value is null, need to send another attribute "altemail" value in response. 

     

    I am new to writing OGNL expressions for federation. Could someone help me on this and suggest to some documents to learn this?

     

    Thanks in advance. 



  • 2.  Re: Need help on SiteMinder SAML expression

    Posted 01-23-2019 01:22 PM

    Hi all, 

     

    In Assertion Configuration, I have created an expression like this. 

    LENGTH(altssoemail)=0?mail:altssoemail 

    To check length of the altssoemail attribute value length. If it is zero the mail attribute value has to assign it to altssoemail value. 

    Currently the altssoemail value set is empty in LDAP.  But i am not able to achieve this. 

    Not sure the written expression has any error on it. 

    Please anyone provide thoughts on this. 



  • 3.  Re: Need help on SiteMinder SAML expression

    Posted 01-24-2019 09:15 AM

    Can someone help me on this? 

    HubertDennis Could you please assist on this?

    I have followed this post to find the LENGTH of the attribute value but did not work. 

    LENGTH(altssoemail)=0?mail:altssoemail

    siteminder expression response : conditional checks  



  • 4.  Re: Need help on SiteMinder SAML expression

    Broadcom Employee
    Posted 01-24-2019 10:53 AM

    Your expression is correct. But did you focus on the Hubert's screen print for format of the expression(spaces in between) ?

     

    Try this out.

     

    LENGTH(altssoemail) = 0 ? mail : altssoemail



  • 5.  Re: Need help on SiteMinder SAML expression

    Posted 01-24-2019 11:44 AM

    Hi mutas02

     

    Thanks for your reply. 

    I tried that as well but no luck. 

    Seems the written expression is a standard one. Will that work in Federation Assertion attribute configuration? 

    I tried JUEL expression like, {#{empty attr["altemail] ? attr["exist"] : attr["mail"]}

     

    But getting an error as , Error:Invalid Expression. Evaluation of expression failed!

     

    Please suggest. 



  • 6.  Re: Need help on SiteMinder SAML expression
    Best Answer

    Posted 01-24-2019 12:28 PM

    Hi mutas02

     

    I have written this expression #{empty attr["mail"] ? attr["altemail"] : attr["mail"]} and it worked for me. 

    Thanks.