<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y00005tGphISASOkta Classic EngineAdministrationAnswered2024-04-15T10:46:40.000Z2019-01-14T22:02:41.000Z2020-06-09T18:41:27.000Z

81w6o (81w6o) asked a question.

January 14, 2019 at 10:02 PM
How can I combine multiple Groups.startsWith (for example) calls into one claim list?

I have a claim (Value Type = Expression) in which I would like to combine several sets of matches.

 

Each of these works independently:

Groups.startsWith("active_directory", "RolePrefix", 10)

Groups.startsWith("active_directory", "AnotherRolePrefix", 10)

Groups.startsWith("active_directory", "YetAnotherRolePrefix", 10)

 

I have tried to use Arrays.flatten() to combine them into a single list of claims, e.g.

 

Arrays.flatten(Groups.startsWith("active_directory", "RolePrefix", 10), Groups.startsWith("active_directory", "AnotherRolePrefix", 10), Groups.startsWith("active_directory", "YetAnotherRolePrefix", 10))

 

This seems to work correctly only if each of the inner startsWith expressions returns something. If any of them does not match a role, the entire claim is left off

  • 3 answers
  • 4.96K views

  • VanH.30758 (Lytx, Inc.)

    I think you're running into the same issue that I recently ran into (only about a week or two).

     

    We had a custom app that we had to build in so I had to use the attribute statements section in the app and not profile editor. Once it qualified one of the conditions it dropped the rest of the logic.

     

    I fell upon this URL:

    https://devforum.okta.com/t/multivalued-attributes/179/4

     

    The early access feature (SAML_SUPPORT_ARRAY_ATTRIBUTES) was enabled in our tenant (via a support call) and instantly everything worked. I was able to pass a string-array over to assign users to user groups in the application.

     

    The only issue I ran into after that is that the full logic statement was pretty long (because of about 17 groups in the system) and I ran into a character limit.

     

    Hopefully this information is relevant and helpful.

    Expand Post

  • vupww (vupww)

    I ran into the same issue. Do you have got a solution for this?

  • aaro22151.499993308516286E12 (Customer)

    As Tim discovered, Arrays.flatten() does not return anything if one of the expressions returns null. The solution is to make sure each expression returns a value. Okta ELis based on Spring EL which has a ternary operator we can use to always return a default value. For example, the expression below returns a blank if there are no groups or the group array if there are groups:

    Groups.startsWith("active_directory", "RolePrefix", 10) == null ? '' : Groups.startsWith("active_directory", "RolePrefix", 10)

    Use this with each expression in Arrays.flatten() and it will work.

    Expand Post
This question is closed.
Loading
How can I combine multiple Groups.startsWith (for example) calls into one claim list?