Symantec Access Management

Hi, 

I have to create send the SAML response with alternate email attribute value, if original mail attribute value is null. 

Ex: If LDAP attribute "mail" value is null, need to send another attribute "altemail" value in response. 

I am new to writing OGNL expressions for federation. Could someone help me on this and suggest to some documents to learn this?

Thanks in advance. 

Hi all, 

In Assertion Configuration, I have created an expression like this. 

LENGTH(altssoemail)=0?mail:altssoemail 

To check length of the altssoemail attribute value length. If it is zero the mail attribute value has to assign it to altssoemail value. 

Currently the altssoemail value set is empty in LDAP.  But i am not able to achieve this. 

Not sure the written expression has any error on it. 

Please anyone provide thoughts on this. 

Can someone help me on this? 

HubertDennis Could you please assist on this?

I have followed this post to find the LENGTH of the attribute value but did not work. 

LENGTH(altssoemail)=0?mail:altssoemail

siteminder expression response : conditional checks  

Your expression is correct. But did you focus on the Hubert's screen print for format of the expression(spaces in between) ?

Try this out.

LENGTH(altssoemail) = 0 ? mail : altssoemail

Hi mutas02, 

Thanks for your reply. 

I tried that as well but no luck. 

Seems the written expression is a standard one. Will that work in Federation Assertion attribute configuration? 

I tried JUEL expression like, {#{empty attr["altemail] ? attr["exist"] : attr["mail"]}

But getting an error as , Error:Invalid Expression. Evaluation of expression failed!

Please suggest. 

Hi mutas02, 

I have written this expression #{empty attr["mail"] ? attr["altemail"] : attr["mail"]} and it worked for me. 

Thanks.