How to transform the value of an octet attribute from Active Directory ?

book

Article ID: 16907

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction



We're sending a User Attribute in a Response. The Attribute we use is objectGUID from Active Directory. The problem is that the browser recieves the Attribute value as an octet. This is because the Active Directory stores it as an octet.

 

Then, the response the browser receives from SSO in httpheader is

 GUID=)%uffdd%06%3d%uffdd%24%uffdd%40%uffddD%18A%uffdd%uffdd%03%05

How can we make this value a String ?

 

Environment

Release:
Component: SMPLC

Resolution

You have to convert the value at the Policy Server level first. We do not provide an out of the box functionality to transform an Attribute value from Octet to String. However, you can use an Active Expression as Response and put Java code that will do it for you.

 

Find a sample below, there are many others over the Internet:

https://stackoverflow.com/questions/10326900/how-to-convert-an-octet-string-to-readable-string

 

On the Policy Server side, you have to run your own code to make the transformation and send the value as a string to the browser.