This article presents example Authorization Policy configurations for some typical uses cases. For SSO Authorization Policy documentation, please refer to:

...

Name	Value	Example Data	Example Result
given_name	${user['givenName'][0].toUpperCase()}	givenName=Michael	"MICHAEL"
full_name	${user['givenName'][0].concat(' ').concat(user['sn'][0])}	givenName=Michael, sn=Jones	"Michael Jones"
is_employee	${user['mail'][0].toLowerCase().endsWith('@ubisecure.com')}	mail=user.demo@customer.com	"false"
email_domain	${user['mail'][0].substring(user['mail'][0].indexOf('@')+1)}	mail=ubisecure.demo@example.com	"example.com"
test_account	${user['givenName'][0].toLowerCase().contains('application_test')}	givenName=Application_Test	"true"
birthdate	${method['urn:oid:1.2.246.21'][0].contains('-') ? "19".concat(method['urn:oid:1.2.246.21'][0].substring(4, 6)).concat("-").concat(method['urn:oid:1.2.246.21'][0].substring(2, 4)).concat("-").concat(method['urn:oid:1.2.246.21'][0].substring(0, 2)) : "20".concat(method['urn:oid:1.2.246.21'][0].substring(4, 6)).concat("-").concat(method['urn:oid:1.2.246.21'][0].substring(2, 4)).concat("-").concat(method['urn:oid:1.2.246.21'][0].substring(0, 2))}	150990-304Y 100302A017X	1990-09-15 2002-03-10
mobile	${user['mobile'][0].startsWith('0') ? '+358'.concat(user['mobile'][0].substring(1)) : user['mobile'][0]}	0401234567 +4422334456	+358401234567 +4422334456

String values can also be modified by using regular expressions with the re:replace function, for example as follows:

...

Name Value Comment Example Data Example Result

email

${attribute.name("email").values(sha256.text('exampleAppString'.concat(user.telephoneNumber[0])).toString().concat('@example.com'))}

Generate a virtual email address formed by hashing user attributes.

Here a hash is a made of application specific string concatenated together a custom userId that is stored in user.telephoneNumber. The email domain is added to the resulting string.

123456

794f037115472dd0831df46a01e300a970507b6632a493915c8e1e59fa1a0d47@example.com

uidbase64

${base64:encode(utf8:bytes(user['uid'][0]))}

Base64 encode user.uid. Because base64:encode() function requires a bytearray as input parameter, and user.uid is String, it needs to be converted to bytearray using utf8:bytes().

jsmith

anNtaXRo

Role Based Access Control

...

Versions Compared

Old Version 16

New Version Current

Key

Role Based Access Control

Page Comparison

Versions Compared

Old Version 16

New Version Current

Key

Role Based Access Control