Using JUEL Expressions in a SAML Assertion with Siteminder

Article ID: 238222

Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

Occasionally you may need to customize an assertion, for example by adding conditions or manipulating the assertion. This can be achieved by using a JUEL expression.

Environment

Release : 12.8.x

Component : Federation

Resolution

NOTE: JUEL syntax makes heavy use of special characters. In almost all cases a character shown below is literal; the exception is < >, which denotes a <variable>.

JUEL expressions are based on conditional expressions.

-------------------
SYNTAX:

#{<If-Statement>?"<Then-Value>":"<Else-Value>"}

attr["<attribute_name>"]

OPERATORS:

Equals:  ==
AND: && 
OR: || 
Not Equals: != 
-------------------

If the IF statement is true, the THEN value is used. If the IF statement is false, the THEN value is skipped and the ELSE value is set.

####### USE CASE ######

The user store has the following attributes: "UserID" and "DealerID". The partner is asking for these to be combined and sent as a single value in a SAML assertion.

Example:

UserID = 1123445
DealerID = HNDABOS1

They want the SAML assertion to read "1123445HNDABOS1".

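#{!empty attr["UserID"] && !empty attr["DealerID"] ? attr["UserID"].concat(attr["DealerID"]) : 'Missing_Attribute'}

This checks that the "UserID" attribute is present and populated with any value AND that the "DealerID" attribute is populated with any value. The == operator compares against a literal string rather than a wildcard, so "populated" is tested with the empty operator; && only returns true or false, so the two values are joined with the String concat method (this assumes the evaluator allows method calls). If both are populated, the assertion value is set to the UserID value followed by the DealerID value. If one or both are missing, the assertion value is set to "Missing_Attribute".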
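An expression like this can be evaluated locally against sample user records before it is placed in the partnership configuration. The harness below is an added example, not Broadcom's code: it assumes the open-source JUEL library (de.odysseus.el) is on the classpath and that its handling of `empty` and method calls matches the SiteMinder evaluator. The class name, helper names and sample records are constructed for illustration.

```java
import de.odysseus.el.ExpressionFactoryImpl;
import de.odysseus.el.util.SimpleContext;
import javax.el.ExpressionFactory;
import javax.el.ValueExpression;
import java.util.HashMap;
import java.util.Map;

public class AssertionExprCheck {
    // Expression under test. In EL, && yields a Boolean and == compares with a
    // literal string, so presence is tested with 'empty' and the values are
    // joined with String.concat (assumes method invocation is enabled).
    static final String EXPR =
        "#{!empty attr[\"UserID\"] && !empty attr[\"DealerID\"]"
      + " ? attr[\"UserID\"].concat(attr[\"DealerID\"]) : 'Missing_Attribute'}";

    static final ExpressionFactory FACTORY = new ExpressionFactoryImpl();

    // Evaluate EXPR with the given user-store attributes bound to the name "attr".
    static String evaluate(Map<String, String> userAttrs) {
        SimpleContext ctx = new SimpleContext();
        ctx.setVariable("attr", FACTORY.createValueExpression(userAttrs, Map.class));
        ValueExpression ve = FACTORY.createValueExpression(ctx, EXPR, String.class);
        return (String) ve.getValue(ctx);
    }

    // Build a constructed user record; a null argument means the attribute is absent.
    static Map<String, String> attrs(String userId, String dealerId) {
        Map<String, String> m = new HashMap<>();
        if (userId != null) m.put("UserID", userId);
        if (dealerId != null) m.put("DealerID", dealerId);
        return m;
    }

    public static void main(String[] args) {
        // First record is the use case from the article; the others exercise the ELSE branch.
        System.out.println(evaluate(attrs("1123445", "HNDABOS1")));
        System.out.println(evaluate(attrs("1123445", null)));  // DealerID absent
        System.out.println(evaluate(attrs("", "HNDABOS1")));   // UserID present but empty
    }
}
```

Running the three records side by side shows which branch each user record takes, including the case where an attribute exists in the user store but holds an empty string.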

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/partnership-federation/assertion-configuration-at-the-asserting-party/how-to-configure-claims-transformation-at-the-asserting-party.html