...
Variable | Description |
---|---|
user [Bean] | Contents depend on the type of the user directory. |
method [Bean] | Contains all the attributes defined by the authentication method, after attribute mapping (see section 2.3) is applied. |
prefix [Bean] | Contains the collection of all authorizer implementations registered in Ubisecure SSO, with their prefixes as keys. |
username [Bean] | Contains the properties of the user in the user directory. Changes to the nameID variable are not reflected in this variable. |
sso [Bean] | Contains the following properties. |
Examples of use:
Get the user’s CN attribute from the user directory and concatenate it with the string ‘@example.com’. Both expressions are equivalent.
...
attribute [AttributeBuilder]
The attribute in current authorization policy context, which will be sent to the application.

Variable | Description |
---|---|
name(String s) [AttributeBuilder] | Set the name of the attribute. Note that this overrides the setting in authorization policy itself. |
values(String s) [AttributeBuilder] | Add a value for the attribute. |
nameFormat(String s) [AttributeBuilder] | Set the nameFormat of the attribute. Valid values are: UNSPECIFIED (urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified), URI (urn:oasis:names:tc:SAML:2.0:attrname-format:uri), BASIC (urn:oasis:names:tc:SAML:2.0:attrname-format:basic). |
friendlyName(String s) [AttributeBuilder] | Set the friendlyName of the attribute. |
Examples of use:
Set the value “manager” for the attribute “role”.
...
${eidm['roles'].contains('Users/OrganizationMainUser') ? 'true' : 'false'}
Returns “true” if the user status in Ubisecure CustomerID is 'Enabled' (='1'). Otherwise a null value is returned. This is useful if you also add the specified attribute to the list of required attributes. Then only enabled users can get access to the service.
${eidm['user.status'].contains('1') ? 'true' : null}
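A small Python model of the required-attribute gate described above, added here as an illustration and not Ubisecure code. It assumes that a null result omits the attribute and that a missing required attribute denies access, and it shows why a 'false' string would not gate anything under those assumptions; the function names and sample users are hypothetical.

```python
# Model of the required-attribute gate described above. This is not Ubisecure
# SSO code: the evaluation rules (a null result omits the attribute, a missing
# required attribute denies access) are assumptions drawn from the text.

def status_or_null(eidm):
    # Models ${eidm['user.status'].contains('1') ? 'true' : null}
    return "true" if "1" in eidm.get("user.status", []) else None

def status_or_false(eidm):
    # Same test written in the 'true' : 'false' style of the role example
    return "true" if "1" in eidm.get("user.status", []) else "false"

def build_attributes(policy, eidm):
    """Evaluate each attribute expression; a null result yields no attribute."""
    out = {}
    for name, expr in policy.items():
        value = expr(eidm)
        if value is not None:
            out[name] = value
    return out

def access_granted(policy, required, eidm):
    """Grant access only if every required attribute was produced."""
    attrs = build_attributes(policy, eidm)
    return all(name in attrs for name in required)

# Constructed sample users; the non-'1' status value is illustrative only.
ENABLED = {"user.status": ["1"]}
DISABLED = {"user.status": ["2"]}
REQUIRED = ["enabled"]

def demo():
    """Return (form, enabled user admitted, disabled user admitted) per form."""
    rows = []
    for label, expr in (("null form", status_or_null),
                        ("'false' form", status_or_false)):
        policy = {"enabled": expr}
        rows.append((label,
                     access_granted(policy, REQUIRED, ENABLED),
                     access_granted(policy, REQUIRED, DISABLED)))
    return rows

if __name__ == "__main__":
    for label, enabled_ok, disabled_ok in demo():
        print(f"{label:13} enabled={enabled_ok} disabled={disabled_ok}")
```

In this model only the null form keeps the disabled user out, because the 'false' form still produces the required attribute.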
Returns “useradmin” if the user has the absolute CustomerID role Users/OrganizationMainUser. Otherwise “normaluser” is returned.
...
sha1 [DigestBuilder]
Helper for building SHA1 digest.

Variable | Description |
---|---|
text(String input) [DigestBuilder] | Append input string to digest builder. |
bytes(byte[] input) [DigestBuilder] | Append input bytearray to digest builder. |
guid [UUID] | Convert digest to GUID. |
uuid [UUID] | Convert digest to UUID. |

sha256 [DigestBuilder]
Helper for building SHA256 digest.

Variable | Description |
---|---|
text(String input) [DigestBuilder] | Append input string to digest builder. |
bytes(byte[] input) [DigestBuilder] | Append input bytearray to digest builder. |
guid [UUID] | Convert digest to GUID. |
uuid [UUID] | Convert digest to UUID. |
Examples of use:
Create SHA256 digest of SSO Session ID and convert the digest to UUID.
...
Function | Description |
---|---|
xss:html(String input) [String] | Encode input string for HTML. |
xss:url(String input) [String] | Encode input string for URL. |
xss:js(String input) [String] | Encode input string for JavaScript. |
xss:json(String input) [String] | Encode input string for JSON. |
c14n:text(String input) [String] | Encode input string for Text Node in Canonical XML. |
c14n:attr(String name, String input) [String] | Encode input string for Attribute Node name in Canonical XML. |
base64:encode(byte[] input) [String] | Base64 encode input bytearray. |
| md5 encode input bytearray. (Requires SSO 6.9 or newer) |
| UUID/GUID encode bytearray. Array’s length must be 16 bytes. |
utf8:bytes(string input) [byte[]] | UTF8 encode input string and convert to byte array. |
digest:sha1(byte[] input) [byte[]] | SHA1 digest of input bytearray. |
digest:sha256(byte[] input) [byte[]] | SHA256 digest of input bytearray. |
re:replace(String input, String regex, String replacement) [String] | Replaces the first substring of input string that matches the given regular expression with the given replacement. |
Examples of use:
${base64:encode(utf8:bytes(user.uid))} or ${base64:encode(utf8:bytes(user['uid'][0]))}
...