Hi All,


I am trying to integrate Alicloud with CA Federation. The integration is similar to AWS and we are required to pass the below attribute as part of assertion:

https://www.alibabacloud.com/SAML-Role/Attributes/Role

I am stuck with an issue in case a user has multiple roles. Please note that the roles in Alicloud are required to be passed in the below format:

<Attribute Name="https://www.aliyun.com/SAML-Role/Attributes/Role">
    <AttributeValue>acs:ram::$account_id:role/role1,acs:ram::$account_id:saml-provider/provider1</AttributeValue>
    <AttributeValue>acs:ram::$account_id:role/role2,acs:ram::$account_id:saml-provider/provider1</AttributeValue>
</Attribute>

To achieve this, I have tried multiple ways to form an expression in the attribute mapping associated with the user directory, but none of them works. The main challenge is the concatenation of these static strings to the roles. I have managed to filter out the roles, but adding the strings before and after is not working. As of now, I am using the below expression, followed by FMATTR:Virtual Attribute Name as the value in the federation partnership for the role attribute.


"acs:ram::***************:role/" + Filter(ENUMERATE(GET('FMATTR:memberOf'),String(RDN(STRING(%0),FALSE))),'ABC*') + ",acs:ram::***************:saml-provider/test-sp1"


The above does not work and is good only when the user has single role assigned.

Any help is much appreciated.


Regards,

Aishwarya
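For reference, here is what the Role attribute has to look like once the per-group concatenation is done correctly, as an added example that is not part of the original post and is not CA Federation expression code: a short Python script that takes a constructed memberOf list, keeps only groups whose RDN matches the ABC prefix from the post, builds one "role ARN,provider ARN" pair per group, and checks each value before emitting the multi-valued Attribute element. The account id and group DNs are constructed placeholders; the provider name test-sp1 is the one from the post.

```python
from xml.etree import ElementTree as ET

ROLE_ATTR_NAME = "https://www.aliyun.com/SAML-Role/Attributes/Role"
ACCOUNT_ID = "123456789012345"          # constructed placeholder, not a real account
PROVIDER = "test-sp1"                   # SAML provider name used in the post
# Constructed sample of a user's memberOf values (LDAP DNs).
MEMBER_OF = [
    "CN=ABC-Admin,OU=Groups,DC=example,DC=com",
    "CN=ABC-ReadOnly,OU=Groups,DC=example,DC=com",
    "CN=Finance,OU=Groups,DC=example,DC=com",   # no ABC prefix: must be dropped
]


def rdn_value(dn):
    """Value of the first RDN (CN=ABC-Admin,... -> ABC-Admin), honouring backslash-escaped commas."""
    out, i = [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            out.append(dn[i + 1])
            i += 2
            continue
        if ch == ",":
            break
        out.append(ch)
        i += 1
    first = "".join(out)
    return first.split("=", 1)[1].strip() if "=" in first else first.strip()


def validate_role_value(value, account_id):
    """A value must be exactly 'role ARN,provider ARN', both in the expected account."""
    parts = value.split(",")
    if len(parts) != 2:
        return False
    role_arn, provider_arn = parts
    return (role_arn.startswith(f"acs:ram::{account_id}:role/")
            and provider_arn.startswith(f"acs:ram::{account_id}:saml-provider/"))


def role_values(member_of, account_id, provider, prefix="ABC"):
    """One AttributeValue string per group whose RDN starts with the prefix."""
    values = []
    for dn in member_of:
        name = rdn_value(dn)
        if not name.startswith(prefix):
            continue
        value = f"acs:ram::{account_id}:role/{name},acs:ram::{account_id}:saml-provider/{provider}"
        if validate_role_value(value, account_id):
            values.append(value)
    return values


def build_role_attribute(values):
    """Serialise the multi-valued <Attribute> element Alibaba Cloud expects."""
    attr = ET.Element("Attribute", Name=ROLE_ATTR_NAME)
    for v in values:
        ET.SubElement(attr, "AttributeValue").text = v
    return ET.tostring(attr, encoding="unicode")
```

Running build_role_attribute(role_values(MEMBER_OF, ACCOUNT_ID, PROVIDER)) yields one AttributeValue per matching group, which is the shape the mapping expression has to reproduce instead of a single concatenated string.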

