Syntax for PEP Response Attributes

This topic has 1 reply, 2 voices, and was last updated 3 years, 5 months ago by violette.

  • Author
  • #24846

    I am trying to get some headers included for my application to consume. I have IG working as CDSSO PEP. In my policy on AM I have added mail, sn, and uid as Subject Attributes under Response Attributes Under Policy. I am then trying to use the HeaderFilter to include these values as headers. Currently all authentication is successfully, but I don’t see my headers being passed. I have included a snipit of my route code.

    "name": "PolicyEnforcementFilter-1",
    "type": "PolicyEnforcementFilter",
    "config": {
    "pepRealm": "/",
    "application": "PEP-CDSSO",
    "ssoTokenSubject": "${contexts.cdsso.token}",
    "amService": "AmService-1"
    "name": "HeaderFilter-InjectUserAttributes-1",
    "type": "HeaderFilter",
    "config": {
      "messageType": "REQUEST",
          "add": {
             "email": [
              "uid": [
    		  "last": [

    Hello reeprice,

    The Subject Response Attributes set in AM are located in IG under the policy context (
    you can access it with an expression such as ${contexts.policyDecision.attributes} or ${contexts.policyDecision.jsonAttributes}.Please note that the mail attribute in LDAP is an array and could be accessible with: ${contexts.policyDecision.jsonAttributes.mail[0]}.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?