Hi Team,

This is the continuation of "Need help on SiteMinder SAML expression".

A few users' mail attribute value is empty, so we have to use another mail attribute (altemail) value from LDAP.

I have written the expression as #{empty attr["mail"] ? attr["altemail"] : attr["mail"]} in the value of the Assertion Configuration (Partner Federation).

I am able to pass the altssomail attribute value (LDAP) in the SAML Response, if the mail attribute value (LDAP) is null, by using the expression.

</ns2:Attribute>
<ns2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue/>
</ns2:Attribute>
<ns2:Attribute Name="emailAddr" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>xyz@example.com</ns2:AttributeValue>
</ns2:Attribute>
</ns2:AttributeStatement>

The tricky part here is that the third-party application Workfront's SSO configuration has mapped the Directory attribute “mail” to the corresponding Workfront attribute.

Ex: Workfront attribute : Email Address
Directory attribute : mail

Since the expression is written in the value column, it is taking the value and sending it to Workfront as the altemail attribute value. But Workfront is expecting the Directory value of mail.

 

Is there any way that, if the mail attribute value is null, it picks up the altemail attribute value but sends the altmail’s value to the Workfront mail Directory attribute?

 

Please let me know your thoughts.

 

Thanks. 
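
An added example, not part of the original post: a small Python check for a captured AttributeStatement that reports whether the attribute name the service provider maps ("mail", per the Workfront mapping described above) arrives missing, empty or populated. The namespace URI bound to ns2, the function names and the sample XML are assumptions constructed from the fragment in the post.

```python
import xml.etree.ElementTree as ET

# Assumption: the ns2 prefix is bound to the SAML 2.0 assertion namespace.
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"ns2": SAML_NS}
FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed sample modelled on the fragment in the post.
SAMPLE = f"""<ns2:AttributeStatement xmlns:ns2="{SAML_NS}">
  <ns2:Attribute Name="email" NameFormat="{FMT}">
    <ns2:AttributeValue/>
  </ns2:Attribute>
  <ns2:Attribute Name="emailAddr" NameFormat="{FMT}">
    <ns2:AttributeValue>xyz@example.com</ns2:AttributeValue>
  </ns2:Attribute>
</ns2:AttributeStatement>"""


def attribute_values(statement_xml):
    """Map each Attribute Name to the list of its non-empty values."""
    # The input here is a locally constructed string; for responses from an
    # untrusted source, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(statement_xml)
    result = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall("ns2:AttributeValue", NS)]
        result[attr.get("Name")] = [v for v in values if v]
    return result


def check_expected(statement_xml, expected_name):
    """Return 'missing', 'empty' or 'ok' for the name the SP is mapped to."""
    attrs = attribute_values(statement_xml)
    if expected_name not in attrs:
        return "missing"
    return "ok" if attrs[expected_name] else "empty"


if __name__ == "__main__":
    for name in ("mail", "email", "emailAddr"):
        print(f"{name}: {check_expected(SAMPLE, name)}")
```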

