How to customize a virtual attribute in a federation with use of OIDC

Document ID : KB000121383
Last Modified Date : 20/11/2018
Show Technical Document Details
Question:
We're configuring Siteminder as OIDC Authorization Provider and having
set a virtual User attribute to returns multivalue LDAP attribute,
then the claims associated with it presents the data with a caret and
you'd like to know how to modify the format of the response header.

We've configured the virtual attribute in the Directory attribute 
mapping as : 

ENUMERATE(memberOf,STRING(RDN (STRING(%0),FALSE))) 

The value are retrieved but the target server recieves the information 
as : 

  "groups":"My_First_Group^My_Second_Group". 

We'd like to know how to modify the answer to be 

  "groups":["My_First_Group","My_Second_Group"]. 

How can we do it ?
Answer:
Policy Server supports multi-values, but out of the box, each value is
separated from the other by a caret "^" and this is not
configurable. It suggested to use a custom code to change it.

If you need the functionality to allow to choose the way the mutiple 
values should be separated, then we invite you to open a Enhancement 
Request by writing an Idea on the Security page : 

  1. Go to the CA Security Overview Page : 
     https://communities.ca.com/community/ca-security/ca-single-sign-on 
  2. Click on the "Actions" drop-down menu and select "Create an 
     idea." 
  3. Give your idea a title and detailed description to encourage 
     voting. 
  4. Publish and vote on your idea!