WS-Fed App is misconfigured when using Custom Expressions in Custom Attribute Statements Skip to main content
https://support.okta.com/help/answers?id=9062a000000bmolqay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Henrik Bo ChristensenHenrik Bo Christensen 

WS-Fed App is misconfigured when using Custom Expressions in Custom Attribute Statements

Hi,

We configured Okta template WS-Fed App and added Custom Attribute Statement which should return only the first part of user's mail adress.

Custom Attribute Statements: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name|${f:substringBefore(user.email, '@')}|

However an misconfiguration error is thrown:

The Template WS-Fed App attribute list is: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name|${f:substringBefore(user.email, '@')}|

Attributes should be in one of the forms below:
firstName|${ssfn:escapeHtml(user.firstName)}|namespace 
firstName|instanceId:${ssfn:escapeHtml(user.firstName)}|namespace

We tried with a lot of different combinations, but seems like no functions can be used with this context.?
Durlea IonutDurlea Ionut

Hello Henrik.
Thank you for taking your time on submitting this question.

From the looks of this setup, the expresion looks to be valid.

Please visit the Okta Admin Dashboard, open you app and click on that application sign-on tab.
On the Application username format, select "Custom" and select the "Custom expression" url.
This will permit you to try and preview the mapping based on the examples you provided.

If you believe further assistance is required, please log a support ticket so that we can further investigate the issue.

Thank you!

Alex - Okta Support 

Henrik Bo ChristensenHenrik Bo Christensen
Hi Alex,

Thank you for your reply and suggestion.

I tried testing it with Custom expression and looks correct on the preview screen. I know we tested this setup about 9 months ago, and it was working correctly with WS-Fed Template by extracting part of the e-mail on dev account.

Okta-claims-name-preview

Any other suggestions?

- Henrik

 
Gabriel SrokaGabriel Sroka (Okta, Inc.)
Hi Henrik
In the "Custom Expression" tester, try just the expression (without the namespace), eg:
${f:substringBefore(user.email, '@')}
User-added image