I don't have anything off the top of my head other than adding a comma using an expression, but you must have thought about it, which is going to be an expensive expression for a comma :(
Most customers just send the CN values of the group names, and they already come with a separator automatically.
Are you doing this because the number of groups is beyond what can be set in the assertion?
How about a custom assertion generator to handle it there instead of using an expression?
------------------------------
Support Engineer 5
Broadcom
------------------------------
Original Message:
Sent: 10-20-2019 12:09 PM
From: Karthick Sugumaran
Subject: SAML Expression to send displayName attribute value of the group in comma separated
Do any experts have a suggestion on this expression?
Please advise.
Original Message:
Sent: 10-09-2019 11:18 AM
From: Karthick Sugumaran
Subject: SAML Expression to send displayName attribute value of the group in comma separated
Hi @Patrick Dussault,
Any suggestion on this please?
Original Message:
Sent: 10-04-2019 01:48 PM
From: Karthick Sugumaran
Subject: SAML Expression to send displayName attribute value of the group in comma separated
Hi,
I need to send the attribute value in the SAML response to the SP as comma-separated, or as values in the same element (like we sent using FMATTR:).
The challenge I am facing is that I need to send the display value of the group name. Here the display values are the numbers 1, 2, 3, and 4.
Attribute value of displayName for this Group cn=A12345,ou=groups,o=xyz.com is 1
Attribute value of displayName of this Group cn=B12345,ou=groups,o=xyz.com is 2
Attribute value of displayName of this Group cn=C12345,ou=groups,o=xyz.com is 3
Attribute value of displayName of this Group cn=D12345,ou=groups,o=xyz.com is 4
SAML response:
<Attribute Name="roles">
<AttributeValue>1</AttributeValue>
<AttributeValue>2</AttributeValue>
<AttributeValue>3</AttributeValue>
<AttributeValue>4</AttributeValue>
</Attribute>
(or)
<ns2:Attribute Name="roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"> <ns2:AttributeValue>1,2,3,4</ns2:AttributeValue></ns2:Attribute>
As per process we cannot keep group cn value as numeric values in Directory server. So, I cannot use the below mentioned expression to send comma separated value.
TRANSLATE(ENUMERATE(Get('isMemberOf'), STRING(RDN(STRING(%0), FALSE))),'^',',',TRUE)
I have tried the below expression, but it gives a comma in front if the user is not part of those groups (e.g. group DNs cn=A12345,ou=groups,o=xyz.com and cn=B12345,ou=groups,o=xyz.com) but is present in Y12345 and Z12345.
Attribute value of displayName for this Group cn=A12345,ou=groups,o=xyz.com is 1
Attribute value of displayName of this Group cn=B12345,ou=groups,o=xyz.com is 2
Attribute value of displayName of this Group cn=C12345,ou=groups,o=xyz.com is 3
Attribute value of displayName of this Group cn=D12345,ou=groups,o=xyz.com is 4
(GET('isMemberOf') CONTAINS ('A12345') ? '1' : '') + "," + (GET('isMemberOf') CONTAINS ('B12345') ? '2' : '') + "," + (GET('isMemberOf') CONTAINS ('C12345') ? '3' : '') + "," + (GET('isMemberOf') CONTAINS ('D12345') ? '4' : '')
The result for above expression is ,,3,4
The expected expression should be just 3,4.
Could someone please suggest on this?
Thanks in advance.
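
Added example, not part of the thread and not SiteMinder expression syntax: a Python model of the logic a custom assertion generator could apply, shown beside a model of the posted expression. Assumptions: the `^` separator between `isMemberOf` values (taken from the TRANSLATE expression above), CONTAINS modelled as a substring test, and hypothetical function names; the displayName table is the one listed in the post.

```python
# Added illustration; the function names are hypothetical and the inputs are constructed.

# displayName per group cn, as listed in the post.
DISPLAY_NAME = {"A12345": "1", "B12345": "2", "C12345": "3", "D12345": "4"}

# Constructed isMemberOf value: member of C, D, Y and Z, joined with '^' (assumed).
SAMPLE = "^".join(
    "cn=%s,ou=groups,o=xyz.com" % cn for cn in ("C12345", "D12345", "Y12345", "Z12345")
)


def group_cn(dn):
    """Return the value of the leading cn= RDN of a group DN, or None.

    Assumes the cn value holds no escaped commas, as in the post's DNs.
    """
    first_rdn = dn.split(",", 1)[0].strip()
    attr, sep, value = first_rdn.partition("=")
    if sep and attr.strip().lower() == "cn":
        return value.strip()
    return None


def roles_naive(is_member_of):
    """Model of the posted expression: one slot per group, separators always emitted.

    The membership check is a substring test on the raw attribute string (assumed).
    """
    slots = [name if cn in is_member_of else "" for cn, name in DISPLAY_NAME.items()]
    return ",".join(slots)


def roles_joined(is_member_of, sep="^"):
    """Collect matching displayName values first, then join, so no empty slots appear.

    Groups are matched on the exact cn, so a group such as cn=XA12345 does not
    count as A12345.
    """
    member_cns = {group_cn(dn) for dn in is_member_of.split(sep)}
    return ",".join(name for cn, name in DISPLAY_NAME.items() if cn in member_cns)


if __name__ == "__main__":
    print(repr(roles_naive(SAMPLE)), repr(roles_joined(SAMPLE)))
```

Because the separator is only placed between values that exist, a user in no mapped group gets an empty string rather than a run of commas.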