Introduction:
Force Upper/Lower Case in NameID/Assertion Attributes
Question:
Some of our partners use a case-sensitive username. Unfortunately, the Name ID we send in the SAML assertion, coming from the Active Directory user directory, is in mixed case. And oftentimes, the database of usernames at the vendor does not match the same mixed case as in Active Directory/LDAP (and thus the SAML Name ID in the assertion).
Is there an easy way to force the Name ID/Assertion Attributes being sent in a SAML 2.0 HTTP Browser POST binding to always be upper or lower case, regardless of what is in the AD User Directory?
Environment:
R12.0 SP2/SP3, R12.5, R12.51, R12.52
Answer:
Yes, this can be achieved by using the UCASE/LCASE functions in an expression.
Follow the steps below.
1) Go to Infrastructure --> Directory and User directory.
2) Modify the user directory which you are using for Partnership federation.
3) Create a virtual Attribute Mapping using an expression.
For example:
Name of the attribute mapping: lower_case
Expression: LCASE(uid) (here uid is the attribute you are fetching from LDAP; if you want upper case, use UCASE instead)
4) Go to Partnership federation and click on Assertion Configuration settings.
5) In the Assertion Configuration settings:
a) Enter the NameID value as "lower_case" (i.e., the attribute mapping name)
b) Enter the Assertion Attribute value as "lower_case" (i.e., the attribute mapping name)
6) Submit and activate the partnership.
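
To confirm the change after activating the partnership, the NameID and attribute values in a captured SAMLResponse can be checked for case. The following is an added example, not part of the original article or the product: it assumes an unencrypted assertion, a base64-encoded SAMLResponse form field as used by the HTTP POST binding, and a hypothetical assertion attribute named "username"; the sample responses are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def check_case(saml_response_b64, attribute_name, want="lower"):
    """Return (field, value) pairs whose value is not in the wanted case.

    Diagnostic only: the signature is not verified, and an encrypted
    assertion cannot be inspected this way.
    """
    fold = str.lower if want == "lower" else str.upper
    # The POST binding carries the response base64-encoded (no DEFLATE).
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = []
    for name_id in root.iterfind(".//saml:Assertion/saml:Subject/saml:NameID", NS):
        found.append(("NameID", name_id.text or ""))
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            for val in attr.iterfind("saml:AttributeValue", NS):
                found.append((attribute_name, val.text or ""))
    if not found:
        raise ValueError("no NameID or matching attribute in response")
    return [(field, value) for field, value in found if value != fold(value)]

def sample_response(user):
    """Build a constructed, unsigned SAMLResponse for the given user value."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f"<saml:NameID>{user}</saml:NameID></saml:Subject>"
        # "username" is a hypothetical attribute name chosen for this example
        '<saml:AttributeStatement><saml:Attribute Name="username">'
        f"<saml:AttributeValue>{user}</saml:AttributeValue>"
        "</saml:Attribute></saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Before the LCASE mapping: mixed case straight from the directory.
    print(check_case(sample_response("JSmith"), "username"))
    # After the LCASE mapping: nothing to report.
    print(check_case(sample_response("jsmith"), "username"))
```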