Using JS Functions in Correlation Query

This topic has 5 replies, 3 voices, and was last updated 6 years, 8 months ago by Brad Tumy.

  • Author
    Posts
  • #7038
     Brad Tumy
    Participant

    Our o365 test domain has a different domain name than our production o365 environment. We have had to do some additional transformation to handle these different domains.

    I will also need to do the transform within the correlation query. Is it possible to use replace() inside the correlation query?

    Ex.

    “correlationQuery” : {
    “type” : “text/javascript”,
    “source” : “var qry = {‘_queryFilter’: ‘UserPrincipalName’ eq \”‘ + source.userName.replace(‘example.com’,’example.onmicrosoft.com’) + ‘\”‘}; qry”
    },

    Also Is there another/better/simpler approach to accomplish the same?

    • This topic was modified 6 years, 8 months ago by Brad Tumy.
    #7044
     ssripathy
    Participant

    Would you be able to use sAMAccountName instead in the correlation query and not have to replace the domain . Its unique within a domain like UPN and does not have the @domain part.

    “source” : “var name = email.substring(0, source.userName.lastIndexOf(“@”));var qry = {‘_queryFilter’: ‘sAMAccountName eq \”‘ + name + ‘\”‘}; qry”

    if you do have to use UPN then, you could store the domain in a config object and read it off of there, so you don’t need to hardcode it and have to correct script when moving between environments

    “source” : “var domain = openidm.read(‘config/mydomain’);var name = email.substring(0, source.userName.lastIndexOf(“@”));var upn = name+’@’ + domain;var qry = {‘_queryFilter’: ‘UserPrinicipalName eq \”‘ + upn + ‘\”‘}; qry”

    You could read off of the system object as well, but I think reading a config would be much faster.

    HTH.

    #7045
     ssripathy
    Participant

    Oops minor typo. meant to write this
    “source” : “var name = source.userName.substring(0, source.userName.lastIndexOf(“@”));var qry = {‘_queryFilter’: ‘sAMAccountName eq \”‘ + name + ‘\”‘}; qry”

    but you get the point…just replace my ’email’ with source.userName

    #7056
     Brad Tumy
    Participant

    Hi Ssripathy,

    Thanks for your response. We are not using AD locally and don’t have sAMAccountName as an available attribute. We are using OpenDJ and only have uid as the unique attribute for each users.

    Thanks,
    Brad

    #7074
     Andrew Potter
    Participant

    Can you use Property Value Substitution?
    Create a variable in boot.properties, say, ‘o365domain’ whose value is either example.com or example.onmicrosoft.com
    Then in your correlation query use &{o365domain} in the relevant place.
    http://openidm.forgerock.org/doc/bootstrap/integrators-guide/index.html#using-property-substitution

    #7179
     Brad Tumy
    Participant

    Hi Andrew,

    Thanks for the suggestion. This customer stores the full upn of the user in uid (opendj) … so we don’t have just the shortname isolated in an attribute, so I would still need to replace() the existing domain name from the uid.

    Brad

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?