IsaacB.81593 (Customer) asked a question.
Testing for not null in authentication policy expression
Hi: I'm trying to construct an authentication policy rule (in OIE) that is triggered by an expression. For example, manager is not null and not blank.
For not blank, I do user.profile.manager.removeSpaces() != "". I test this policy and can see that it's triggered if a user's manager is not blank, bypassed if blank.
But if I test on user.profile.manager.removeSpaces() != null the rule is always triggered, no matter the value of manager.
What am I missing? Is there a bug?
Thanks.
I realize that I can test user.profile.manager.length() > 0, but am still curious about the null test.
@IsaacB.81593 (Customer) -- Did you only test null in lower case and not all caps? I've not tested it myself but looking at the docs it specifically shows the NULL checks as using NULL and not null. https://developer.okta.com/docs/reference/okta-expression-language/
For example: Arrays.isEmpty(NULL)
So in your situation I would do something like: !user.profile.manager.length(NULL)
or possibly: user.profile.manager.length() != NULL
Thanks Tim: It turns out that the attribute that I was testing for "not null" was, in fact, not null, as it had been edited, then blanked. When I tested on an account where the attribute was truly null, the rules worked as designed.