search cancel

Filter expression for Agent Header Response

book

Article ID: 212189

calendar_today

Updated On:

Products

CA Single Sign On Federation (SiteMinder) CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

We would like to set headers from a multi valued directory attribute when it only contains 2 characters. 

Some might contain 3 or 4 characters, but we only want to return the headers with the attributes that contain 2 characters.  For example:

LDAPAttribute contains 4 values:
LDAPAttribute = AB
LDAPAttribute = CD
LDAPAttribute = 7890
LDAPAttribute = 1234

We only want to return LDAPAttribute=AB,CD

Environment

Release : 12.8

Component : SITEMINDER FEDERATION SECURITY SERVICES

Cause

SiteMinder documentation is not able to cover all the use case customers have, it requires the user to be familiar with JUEL, and doesn't go a whole lot in detail, and leaves it as an exercise to the reader.

Generally the expression question can be out of support scope, hence customer saw the community discussion threads.

Customer may need to seek HCL service team for further help in configuring response expressions.

Resolution

Here is a configuration example:

LDAP holds 3 separate values for postalcode.
postalCode=3131
postalCode=ab
postalCode=cd

Here is web agent response expression configuration from admin ui:

postalCodeshort=<$expr="FILTER(GET("postalCode"), "??")"$>

The expression returns any 2 bytes string, character or number.

 1. Make sure Variable Name has no underscore.
 2. Set response cache to "recalculate value every x seconds".

Testing the application target to a header dump page, you will get:

HTTP_POSTALCODE='3131^ab^cd'
HTTP_POSTALCODESHORT='ab^cd'

HTTP_POSTALCODESHORT holds the expected values.

Additional Information

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=744404 

Attachments

Powered by Wolken Software