Issue:
Using the ‘Query LDAP’ assertion to retrieve binary attributes can produce undesired output. For example:
Attribute Name: objectGUID
Retrieved Value: [B@405217f8 OR ????x D?&zd ??5
Environment:
CA API Gateway
Cause:
These attributes are stored as binary, so they must be retrieved as binary. A special indicator is required in the assertion to mark the attribute as binary. With this indicator, the attribute is retrieved as a base64-encoded value.
Resolution:
1. Add the ‘Query LDAP’ assertion to the policy.
2. Edit the assertion properties and add an LDAP attribute.

3. Append ;binary to the attribute name.

4. The output will now be available as a base64-encoded value.
Example: obbk7eV4A0SRJnpkHJSjgQ==
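
The base64 value from step 4 still has to be decoded before it can be compared with a GUID string or used in an LDAP search. The following is an added example, not part of the original article or of the gateway product. It assumes the directory is Active Directory, where objectGUID is 16 bytes with the first three fields stored little-endian; the function names are hypothetical.

```python
import base64
import binascii
import uuid

# The sample value shown in step 4 of the article.
SAMPLE_B64 = "obbk7eV4A0SRJnpkHJSjgQ=="


def decode_object_guid(b64_value: str) -> uuid.UUID:
    """Decode a base64 objectGUID (as returned with ;binary) to a UUID.

    Assumption: Active Directory layout, i.e. 16 bytes with the first
    three GUID fields stored little-endian.
    """
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError) as exc:
        # Rejects values such as "[B@405217f8", which indicate that the
        # attribute was fetched without ;binary and is not base64 at all.
        raise ValueError(f"not a base64 value: {b64_value!r}") from exc
    if len(raw) != 16:
        raise ValueError(f"expected 16 bytes, got {len(raw)}")
    return uuid.UUID(bytes_le=raw)


def ldap_filter_for_guid(b64_value: str) -> str:
    """Build an RFC 4515 search filter that matches the entry by objectGUID.

    Every byte is written as a \\XX escape, so no decoded byte can change
    the structure of the filter.
    """
    guid = decode_object_guid(b64_value)
    escaped = "".join(f"\\{b:02x}" for b in guid.bytes_le)
    return f"(objectGUID={escaped})"


if __name__ == "__main__":
    print(decode_object_guid(SAMPLE_B64))
    print(ldap_filter_for_guid(SAMPLE_B64))
```

Validating the length and the base64 alphabet before use means a policy that silently regresses to the non-binary output fails loudly instead of passing a garbled identifier downstream.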