IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
  • 1.  Processing AZN_CRED_GROUPS entries

    Posted Fri February 28, 2025 09:08 AM

    Hi, could someone please share a sample code for processing individual groups that a user has in an infomap policy?

    I am extracting them and displaying them for troubleshooting purposes and they are just coming as "appuser".  However, on the cred viewer I can see that the user has the following groups:

    [0] appadmin
    [1] appuser
    [2] otp_hrmis

    My code snippet is as below:

    var groups = context.get(scope, "urn:ibm:security:asf:request:token:attribute", "AZN_CRED_GROUPS");

    If I display it as is I get "appuser".  If I do a typeof on it I get "object".  It's really getting confusing on how to process the groups to see if the user has a particular group or not.

    Thanks,



    ------------------------------
    Narayan
    ------------------------------


  • 2.  RE: Processing AZN_CRED_GROUPS entries

    Posted Sun March 02, 2025 06:25 AM

    I think the answer is to use attributes below, not attribute for multi-value properties.

    var groups = context.get(scope, "urn:ibm:security:asf:request:token:attribute", "AZN_CRED_GROUPS");

    Probably some rationalization of the API might help to keep the API uniform to have one key only.



    ------------------------------
    Narayan
    ------------------------------