Syntax for PEP Response Attributes

This topic contains 1 reply, has 2 voices, and was last updated by  violette 6 months ago.

  • Author
    Posts
  • #24846
     reeprice 
    Participant

    I am trying to get some headers included for my application to consume. I have IG working as CDSSO PEP. In my policy on AM I have added mail, sn, and uid as Subject Attributes under Response Attributes Under Policy. I am then trying to use the HeaderFilter to include these values as headers. Currently all authentication is successfully, but I don’t see my headers being passed. I have included a snipit of my route code.

    {
    "name": "PolicyEnforcementFilter-1",
    "type": "PolicyEnforcementFilter",
    "config": {
    "pepRealm": "/",
    "application": "PEP-CDSSO",
    "ssoTokenSubject": "${contexts.cdsso.token}",
    "amService": "AmService-1"
    }
    },
    {
    "name": "HeaderFilter-InjectUserAttributes-1",
    "type": "HeaderFilter",
    "config": {
      "messageType": "REQUEST",
          "add": {
             "email": [
               "${attributes.currentpolicy.attributes.mail}"
                  ],
              "uid": [
    			"${attributes.currentpolicy.attributes.uid}"
                  ],
    		  "last": [
    			"${attributes.currentpolicy.attributes.lastname}"
                  ] 
                }
              }
    }
    ],
    #24852
     violette 
    Participant

    Hello reeprice,

    The Subject Response Attributes set in AM are located in IG under the policy context (https://backstage.forgerock.com/docs/ig/6.5/reference/#PolicyDecisionContext):
    you can access it with an expression such as ${contexts.policyDecision.attributes} or ${contexts.policyDecision.jsonAttributes}.Please note that the mail attribute in LDAP is an array and could be accessible with: ${contexts.policyDecision.jsonAttributes.mail[0]}.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?