This topic has 1 reply, 2 voices, and was last updated 3 years, 5 months ago by violette.
-
AuthorPosts
-
February 21, 2019 at 9:15 pm #24846
reeprice
ParticipantI am trying to get some headers included for my application to consume. I have IG working as CDSSO PEP. In my policy on AM I have added mail, sn, and uid as Subject Attributes under Response Attributes Under Policy. I am then trying to use the HeaderFilter to include these values as headers. Currently all authentication is successfully, but I don’t see my headers being passed. I have included a snipit of my route code.
{ "name": "PolicyEnforcementFilter-1", "type": "PolicyEnforcementFilter", "config": { "pepRealm": "/", "application": "PEP-CDSSO", "ssoTokenSubject": "${contexts.cdsso.token}", "amService": "AmService-1" } }, { "name": "HeaderFilter-InjectUserAttributes-1", "type": "HeaderFilter", "config": { "messageType": "REQUEST", "add": { "email": [ "${attributes.currentpolicy.attributes.mail}" ], "uid": [ "${attributes.currentpolicy.attributes.uid}" ], "last": [ "${attributes.currentpolicy.attributes.lastname}" ] } } } ],
February 22, 2019 at 3:42 pm #24852violette
ParticipantHello reeprice,
The Subject Response Attributes set in AM are located in IG under the policy context (https://backstage.forgerock.com/docs/ig/6.5/reference/#PolicyDecisionContext):
you can access it with an expression such as${contexts.policyDecision.attributes}
or${contexts.policyDecision.jsonAttributes}
.Please note that the mail attribute in LDAP is an array and could be accessible with:${contexts.policyDecision.jsonAttributes.mail[0]}
. -
AuthorPosts
You must be logged in to reply to this topic.