How to append "@abc.com" to assertion attribute

Document ID : KB000046797
Last Modified Date : 14/02/2018

Introduction: 

Appending "@abc.com" to an attribute in a SAML assertion.

Question: 

I have an assertion attribute called EmployeeNumber, but the SP accepts it in the form shown below.

EmployeeNumber@abc.com

Here we need to add "@abc.com" to the employee number.

We also have a condition, as below.

Add "@abc.com" to the employeenumber only when the employeetype is retail; otherwise use the mail attribute.

How to achieve it?

Environment:  

Applicable for all the environments

Answer: 

Yes. This use case can be achieved with the GET function and string concatenation in an expression.

Follow the steps below.

1) Go to Infrastructure --> Directory and User directory.

2) Modify the user directory which you are using for Partnership federation.

3) Create a virtual Attribute Mapping using an expression.

For example:

Name of the attribute mapping: employee

Expression: GET(employeenumber)+""+"@abc.com"

(Here employeenumber is the attribute that you are trying to fetch from LDAP.)


4) Go to Partnership Federation, open the Assertion Configuration settings, and use the same mapping (employee) in the assertion attributes.

You also had the following condition:

Add "@abc.com" to the employeenumber only when the employeetype is retail; otherwise use the mail attribute.

Use the expression below to achieve it.

#{attr["employeeType"] == 'retail' ? attr["employee"] : attr["mail"]}
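
Before the SP starts matching accounts on this attribute, it helps to check which value each user would actually be asserted. The following is an added example, not part of the original article or the product: a Python model of the two expressions above, run over constructed directory entries. It assumes that a missing attribute evaluates to an empty string and that the == comparison is case-sensitive; the uid key and the function names are hypothetical.

```python
from collections import defaultdict

DOMAIN = "@abc.com"  # suffix taken from the article

# Constructed sample entries (not real data); "uid" only labels each entry.
SAMPLE = [
    {"uid": "u1", "employeeType": "retail", "employeenumber": "10042", "mail": "ann@abc.com"},
    {"uid": "u2", "employeeType": "corporate", "employeenumber": "20077", "mail": "bob@abc.com"},
    {"uid": "u3", "employeeType": "retail", "mail": "cy@abc.com"},        # no employeenumber
    {"uid": "u4", "employeeType": "corporate", "mail": "10042@abc.com"},  # mail equals u1's value
    {"uid": "u5", "employeeType": "Retail", "employeenumber": "40009"},   # case differs, no mail
]


def asserted_value(entry):
    """Model the article's two expressions for one directory entry."""
    # Virtual attribute "employee": GET(employeenumber)+""+"@abc.com"
    # Assumption: a missing attribute behaves like an empty string.
    employee = entry.get("employeenumber", "") + "" + DOMAIN
    # attr["employeeType"] == 'retail' ? attr["employee"] : attr["mail"]
    # Assumption: the comparison is an exact, case-sensitive match.
    if entry.get("employeeType") == "retail":
        return employee
    return entry.get("mail", "")


def audit(entries):
    """List (uids, reason) for values an SP could not map to exactly one user."""
    problems = []
    seen = defaultdict(list)
    for e in entries:
        value = asserted_value(e)
        # A usable value needs a non-empty part before the "@".
        if "@" not in value or not value.partition("@")[0]:
            problems.append((e["uid"], "empty or malformed value: %r" % value))
        seen[value.lower()].append(e["uid"])
    for value, uids in seen.items():
        if value and len(uids) > 1:
            problems.append((",".join(uids), "same value for several users: " + value))
    return problems


if __name__ == "__main__":
    for who, why in audit(SAMPLE):
        print(who, "->", why)
```

Entries reported by audit should be corrected in the directory before the mapping is used in the assertion.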
