Virtual User Attribute value coming back empty in an assertion
search cancel

Virtual User Attribute value coming back empty in an assertion

book

Article ID: 415408

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

An assertion has been defined where a user Attribute is being returned by means of Attribute Mapping consisting of a Directory search filter. For instance virtual attribute virt_attr1 in the screenshots below is mapped to a search in User directory with a filter specified below

 

Filter is 

FILTER(GET(memberOf),'CN=<cn_1>*') UNION  
FILTER(GET(memberOf),'CN=<cn_2>*') UNION 
FILTER(GET(memberOf),'CN=<cn_3>*')

Under these conditions, assertions generated do not contain any value for attr1, that is, it looks like the filter is not returning anything, even if data are there. So assertions generated will contain the following in the AttributeStatement section:

        <ns2:AttributeStatement>
            <ns2:Attribute Name="attr1"
                           NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
                           >
                <ns2:AttributeValue/>
            </ns2:Attribute>
        </ns2:AttributeStatement>

Where no value is specified

 

Environment

CA SiteMinder 12.9 and 12.8.8 and possibly other versions

Resolution

Specify the attribute name to be retrieved in the filter in quotations

That is, in the previous filter definition use

FILTER(GET('memberOf'),'CN=<cn_1>*') UNION  
FILTER(GET('memberOf'),'CN=<cn_2>*') UNION 
FILTER(GET('memberOf'),'CN=<cn_3>*')

Additional Information

Please see the GET Function--Locate Attributes in a User Directory reference for more information on Operators

Powered by Wolken Software