<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D51Y000069Udk6SACOkta Classic EngineAdministrationAnswered2019-04-22T15:11:18.000Z2019-04-18T14:18:29.000Z2019-04-22T15:11:18.000Z

00ufvw0mxOJZpbKrv351.5548183538928567E12 (Customer) asked a question.

April 18, 2019 at 2:18 PM
How can I print multi-valued attributes via ATTRIBUTE STATEMENTS in saml response?

I have enabled Feature Flag "SAML_SUPPORT_ARRAY_ATTRIBUTES" on my profile. I can achieve this if I add a new attribute "String Array" in Profile Editor and added to it all the values I wanted in "ENUM", enabled this on the user profile and added on the application and has listed in the SAML assertion.

 

But all i get is static value mentioned in "ENUM". Can I use dynamic value derived by okta_expression_language in that ENUM ?

 

We need to print list of groups name in SAML for a user based on condition (groupname start with "xyz") and then give Nicer name to filtered out group. and it has to be multi value attribute Something like: ((isMemberOfGroupName("SMSLocalAdmins") ? "Admin" : null ) + "," + (isMemberOfGroupName("SMSManager") ? "Manager" : null) + "," + (isMemberOfGroupName("SMSUser") ? "Users&q

  • 5 answers
  • 3.07K views
00ufvw0mxOJZpbKrv351.5548183538928567E12 likes this.

  • VanH.30758 (Lytx, Inc.)

    Hi Vipul,

     

    I had to pass an multi-value array to an attribute in one of our applications and could not get it figured out.

     

    What worked for us is:

    Arrays.flatten(isMemberOfGroupName("SMSLocalAdmins")?"Admins":"",isMemberOfGroupName("SMSManager")?"SMSManager":"",isMemberOfGroupName("SMSUser")?"Users":"")

     

    While I can't say for sure it'll work for your case, as I'm not 100% sure it's the same situation, it seems similar and was something I struggled with for awhile, earlier this year, until I was able to locate the solution with some help from other members.

    Expand Post
    Selected as Best

  • VanH.30758 (Lytx, Inc.)

    Hi Vipul,

     

    I had to pass an multi-value array to an attribute in one of our applications and could not get it figured out.

     

    What worked for us is:

    Arrays.flatten(isMemberOfGroupName("SMSLocalAdmins")?"Admins":"",isMemberOfGroupName("SMSManager")?"SMSManager":"",isMemberOfGroupName("SMSUser")?"Users":"")

     

    While I can't say for sure it'll work for your case, as I'm not 100% sure it's the same situation, it seems similar and was something I struggled with for awhile, earlier this year, until I was able to locate the solution with some help from other members.

    Expand Post
    Selected as Best

  • 00ufvw0mxOJZpbKrv351.5548183538928567E12 (Customer)

    Thanks Van,

     

    Arrays.flatten is giving multi-value array output post enabling Feature Flag "SAML_SUPPORT_ARRAY_ATTRIBUTES" on Okta profile. 

     

    but the issue here is, It is creating an empty attr if we are using "" in condition (isMemberOfGroupName("SMSLocalAdmins") ? "manager" : ""). Is there any way to NOT to print attr value if condition is not meet.

     

     

     

    <saml2:Attribute Name="SAML" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

     

    <saml2:AttributeValue type="xs:string">Admins</saml2:AttributeValue>

     

    <saml2:AttributeValue type="xs:string">User</saml2:AttributeValue>

     

    <saml2:AttributeValue type="xs:string"/></saml2:Attribute>

    Expand Post

  • 00ufvw0mxOJZpbKrv351.5548183538928567E12 (Customer)

    <saml2:Attribute Name="SAML" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">

    <saml2:AttributeValue type="xs:string">Admins</saml2:AttributeValue>

    <saml2:AttributeValue type="xs:string">User</saml2:AttributeValue>

    <saml2:AttributeValue type="xs:string"/></saml2:Attribute>

    Expand Post

  • VanH.30758 (Lytx, Inc.)

    Hi Vipul,

     

    Ah i've had that happen to me in the past with pasting with formatting.

     

    Hmm to be honest I'm not sure. If I recall, I couldn't get it working with null, and the blank entries worked for me. In the system that I worked with did not register blank entry but put the user into all the groups that they did qualify for. The only problem I had was when things go large, I ran into character limitations.

     

    Sorry I can't be more helpful.

    Expand Post
This question is closed.
Loading
How can I print multi-valued attributes via ATTRIBUTE STATEMENTS in saml response?