<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VcmSAFOkta Classic EngineOkta Integration NetworkAnswered2024-04-17T12:02:08.000Z2018-06-27T20:32:20.000Z2019-07-22T19:43:23.000Z

boh22 (boh22) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Comma Separated Group Attribute Statement to SP
Hello,

 

I'm trying to pass up to three groups in my assertion for an app that offers varied access based on the group(s). The group attribute statement works flawlessly when only one group is being passed, however the SP is looking for a comma-separated list of groups if there are 2 or more. Rather than passing each group in separate tags (see below), is there a way to pass two groups in the same attribute value tag separated by commas?

  
  1.  <saml2:Attribute Name="GroupID"  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"  > <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:type="xs:string"  >Group3</saml2:AttributeValue> <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:type="xs:string"  >Group1</saml2:AttributeValue> </saml2:Attribute>
 Appreciate the help!

 

Eric

  • 6 answers
  • 3.3K views

  • bj.lillo1.5120064354347244E12 (Okta, Inc.)

    You could use a combination of functions to make that happen. First, you will need to return an array of groups with the appropriate filtering using one of the following functions:

    Groups.getFilteredGroups

    Groups.contains

    Groups.startsWith

    Groups.endsWith

     

    Then you'll convert that array to a comma separated string using:

    Arrays.toCsvString(array)

     

    Expand Post

  • boh22 (boh22)

    Thank you for the response, BJ. Where am I inputting these functions? Profile Editor for the specific app, or within the SAML wizard for the app?

  • la410 (la410)

    Eric/BJ,

     

    I am also trying something like this, can you please do let me know if this worked, and exactly what needed to be done to make this work.

     

    Thanks,

    Avi
    Expand Post

  • boh22 (boh22)

    After much Googling, I came across a hack of a solution: 
    1.  String.join(",", isMemberOfGroupName("Group1") ? 'Group1' : '', isMemberOfGroupName("Group2") ? 'Group2' : '', isMemberOfGroupName("Group3") ? 'Group' : '')
     

    It ended up passing Group1,,Group3 but the service provider accepted the blank for not being in group 2 (example).

     

    Here's the post that gave me the resolution: https://support.okta.com/help/answers?id=9062A000000bm4LQAQ
    Expand Post

  • 8auqh (8auqh)

    Hi Eric,

     

    Can you tell us where did you added the above string ?

     

    i.e Profile Editor or SAML Wizard ?

     

  • 8auqh (8auqh)

    You need to add the expression language code in Attribute statements.

This question is closed.
Loading
Comma Separated Group Attribute Statement to SP