SAML Assertion NameID: Concatenated value

Article ID: 127755

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On

Issue/Introduction

We have a SAML IdP partnership set up with one of our Service Providers in prod. As we're acting as IdP and consuming XYZ services, we're currently plugging in the LDAP attribute mail and passing it in the SAML assertion. That was working fine until we ran into account duplication issues on the XYZ side, which is causing several issues with the SSO. To fix this issue, we have been requested to pass a concatenated value in the SAML Subject of the Assertion. It would consist of the LDAP attribute "username" (uid) with the text value "@abc.com" appended, so it needs to look like this: "[email protected]" as the NameID value.

Environment

R12.7

Resolution

Use a virtual attribute mapping on the user directory, defined by an expression that builds the concatenated value.

Example, from the Administrative UI:

User Directories > Modify User Directory: Oracle Dir > Create Attribute Mapping

Name of the attribute mapping: employee

Expression: GET(uid)+""+"@abc.com" (here uid is the attribute to fetch from LDAP)
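
To confirm the mapping took effect, the NameID of an issued assertion can be compared with uid + "@abc.com". The Python check below is an added example, not part of the original article or the product; the sample response, the uid "jdoe" and the function names are constructed for illustration. It checks the NameID value only and does not validate the assertion signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUFFIX = "@abc.com"  # literal appended by the article's mapping expression

# Constructed sample: unsigned, trimmed response; uid "jdoe" is made up.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Assertion><saml:Subject>"
    "<saml:NameID>jdoe@abc.com</saml:NameID>"
    "</saml:Subject></saml:Assertion></samlp:Response>"
)

def decode_post_binding(saml_response_b64):
    """Decode the base64 SAMLResponse form field of the HTTP-POST binding."""
    return base64.b64decode(saml_response_b64).decode("utf-8")

def extract_name_id(response_xml):
    """Return the Subject NameID; fail closed on anything ambiguous."""
    # Use a hardened parser (e.g. defusedxml) for XML from untrusted sources.
    root = ET.fromstring(response_xml)
    if root.findall(".//saml:Subject/saml:EncryptedID", NS):
        raise ValueError("NameID is encrypted; decrypt before checking")
    nodes = root.findall(".//saml:Subject/saml:NameID", NS)
    if len(nodes) != 1:
        raise ValueError("expected exactly one NameID, found %d" % len(nodes))
    return (nodes[0].text or "").strip()

def check_name_id(response_xml, uid, mail=None):
    """Return a list of problems; an empty list means NameID == uid + SUFFIX."""
    name_id = extract_name_id(response_xml)
    expected = uid + SUFFIX
    problems = []
    if name_id != expected:
        problems.append("NameID %r != expected %r" % (name_id, expected))
        if mail is not None and name_id == mail:
            problems.append("NameID still carries the LDAP mail attribute")
    return problems

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8")).decode("ascii")
    print(check_name_id(decode_post_binding(encoded), "jdoe") or "NameID OK")
```

The SAMLResponse value passed to decode_post_binding is the form field captured from the browser POST to the Service Provider during a test login.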