Java EL expressions can be used in place of attribute values. This makes the techniques of Java EL syntax, such as string concatenation, available for building attribute values.
...
${authnContext.authnContextDeclRef(response.authnContextDeclRef).authnContextClassRef(response.authnContextClassRef).authenticatingAuthority(response.authenticatingAuthority)}
The following example sets the attribute 'level-of-assurance' based on the presence of a method attribute. If the method attribute 'any-method-attribute-name' is missing or empty, the level-of-assurance is set to the lower level of 2. If the method attribute 'any-method-attribute-name' is present and not empty, the level-of-assurance is set to 3.
${attribute.name('level-of-assurance').values(empty method['any-method-attribute-name'] ? '2' : '3')}
The following example returns a subset of a user's group memberships. It looks only at group memberships that start with CN=test_ and then extracts only the CN of each role name using a regular expression. For example, if the member belongs to the following groups:
CN=test_user,OU=Test,CN=Ubilogin,DC=login,DC=smartplan,DC=com
CN=test_admin,OU=Test,CN=Ubilogin,DC=login,DC=smartplan,DC=com
CN=Accounting Users,OU=Accounting,OU=System,CN=Ubilogin,DC=login,DC=smartplan,DC=com
The following multivalue attribute value will be returned:
test_user
test_admin
${user['ubiloginMemberOf'].stream().filter(str -> str.startsWith("CN=test_")).map(dn -> dn.replaceFirst("^CN=([^,]+).+$", "$1")).toList()}
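The group filter above, written out as plain Java so it can be run against the sample DNs, next to a stricter variant that parses each DN with javax.naming.ldap.LdapName. This is an added example, not part of the original documentation; the class and method names, the BASE container and the last two DNs are constructed assumptions.

```java
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class GroupRoleFilter {
    // Assumption: role groups live directly under this container (from the sample DNs).
    static final String BASE = "OU=Test,CN=Ubilogin,DC=login,DC=smartplan,DC=com";

    // Same pipeline as the EL expression: string prefix test plus regex extraction.
    static List<String> byPrefix(List<String> memberOf) {
        return memberOf.stream()
                .filter(s -> s.startsWith("CN=test_"))
                .map(dn -> dn.replaceFirst("^CN=([^,]+).+$", "$1"))
                .collect(Collectors.toList());
    }

    // Stricter variant: parse the DN, require it to sit directly under BASE,
    // and match the RDN type and the "test_" prefix case-insensitively.
    static String roleOf(String s) {
        try {
            LdapName dn = new LdapName(s), base = new LdapName(BASE);
            if (dn.size() != base.size() + 1 || !dn.startsWith(base)) return null;
            Rdn leaf = dn.getRdn(dn.size() - 1); // leftmost RDN of the DN
            String cn = String.valueOf(leaf.getValue());
            boolean ok = leaf.getType().equalsIgnoreCase("CN")
                    && cn.regionMatches(true, 0, "test_", 0, 5);
            return ok ? cn : null;
        } catch (InvalidNameException e) {
            return null; // an unparsable DN yields no role
        }
    }

    public static void main(String[] args) {
        List<String> memberOf = List.of(
            "CN=test_user,OU=Test,CN=Ubilogin,DC=login,DC=smartplan,DC=com",
            "CN=test_admin,OU=Test,CN=Ubilogin,DC=login,DC=smartplan,DC=com",
            "CN=Accounting Users,OU=Accounting,OU=System,CN=Ubilogin,DC=login,DC=smartplan,DC=com",
            // Constructed: same CN prefix, different container.
            "CN=test_admin,OU=Sandbox,CN=Ubilogin,DC=login,DC=smartplan,DC=com",
            // Constructed: lower-case attribute type.
            "cn=test_audit,OU=Test,CN=Ubilogin,DC=login,DC=smartplan,DC=com");
        System.out.println(byPrefix(memberOf));
        System.out.println(memberOf.stream().map(GroupRoleFilter::roleOf)
                .filter(Objects::nonNull).collect(Collectors.toList()));
    }
}
```

The prefix test is case-sensitive and ignores where a group sits in the directory, so it accepts the group under OU=Sandbox and drops the cn= entry; the parsed variant does the reverse.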
The following example sets the attribute 'role' based on the presence of a method attribute. If the method attribute 'administrator' is missing or empty, the role is set to "user". If the method attribute 'administrator' is present and not empty, the role is set to "admin".
${attribute.name('role').values(empty method['administrator'] ? 'user' : 'admin')}
...