IBM Security Verify

  • 1.  Get value of SAML PartnerID / PartnerName

    Posted Wed October 05, 2022 05:26 AM
    Hello team, 

    is there already a way to get the value of SAML Partner Name / PartnerID in a mapping rule? It was also considered to implement it in future releases (See RFE from 2019: https://ibmsecurity.ideas.ibm.com/ideas/ISAM-I-778 )
    Or is there maybe a workaround to get this value in current version 10.0.4?

    Thanks in advance & best regards
    Thomas

    ------------------------------
    Thomas Renner
    ------------------------------


  • 2.  RE: Get value of SAML PartnerID / PartnerName

    Posted Thu October 06, 2022 03:17 AM
    There is a workaround. You have to get it in an access policy and store it in the cache:

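    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);

    // Read the partner name from the protocol context and cache it
    // under the session index for 60 seconds.
    var protocolContext = context.getProtocolContext();
    var PartnerName = protocolContext.getPartnerName();
    var tsi = user.getAttribute("tagvalue_session_index").getValue();
    IDMappingExtUtils.getIDMappingExtCache().put(tsi, PartnerName, 60);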

    And later in the mapping rule:

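    importClass(Packages.com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils);
    // Look up the partner name cached by the access policy, keyed by session index.
    var tsi = stsuu.getAttributeContainer().getAttributeValuesByName("tagvalue_session_index");
    var PartnerName = IDMappingExtUtils.getIDMappingExtCache().get(tsi[0]);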


    ------------------------------
    Laurent LA Asselborn
    ------------------------------



  • 3.  RE: Get value of SAML PartnerID / PartnerName

    Posted Thu October 06, 2022 09:18 AM
    Hello Laurent, 
     
    I tried it out, but unfortunately the value of tagvalue_session_index (tsi) is "null" in the mapping rule.

    I also activated AAC traces and I saw that the values of session index and partnerName were added to the cache when the access policy executed:
    [10/6/22, 15:07:18:407 CEST] 00001329 id=00000000 i.am.fim.trustserver.sts.utilities.IDMappingExtCacheDMAPImpl > put ENTRY ce58756c-4577-11ed-a1d3-0050568214b9 test-wave1 60

    But in the mapping rule the value of tagvalue_session_index is null:
    ([10/6/22, 15:07:18:432 CEST] 00001329 id=00000000 om.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils > traceString ENTRY Audi_SAML_GROUPS_DEFAULT >> tsi = null)

    Is there an additional configuration change necessary?




    ------------------------------
    Thomas Renner
    ------------------------------
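
Added example, not part of the thread and not IBM's code: a plain JavaScript model of the cache hand-off from posts 2 and 3, showing how each side can fail closed when the session index is missing or the 60-second entry has expired. `makeCache` is a constructed stand-in for `IDMappingExtUtils.getIDMappingExtCache()`; its expiry behaviour, the `samlPartner:` key prefix and the function names are assumptions.

```javascript
// Constructed stand-in for IDMappingExtUtils.getIDMappingExtCache(); only the
// put(key, value, ttlSeconds) and get(key) calls shown in the thread are modelled.
function makeCache(now) {
  const entries = new Map();
  return {
    put(key, value, ttlSeconds) {
      entries.set(key, { value, expires: now() + ttlSeconds * 1000 });
    },
    get(key) {
      const e = entries.get(key);
      if (!e || e.expires <= now()) { entries.delete(key); return null; }
      return e.value;
    },
  };
}

const KEY_PREFIX = "samlPartner:"; // hypothetical namespace for this hand-off

// Access-policy side: cache only when both values are present.
function storePartner(cache, sessionIndex, partnerName, ttlSeconds) {
  if (!sessionIndex || !partnerName) return false;
  cache.put(KEY_PREFIX + sessionIndex, partnerName, ttlSeconds);
  return true;
}

// Mapping-rule side: `values` is what getAttributeValuesByName(...) returned.
function lookupPartner(cache, values) {
  const tsi = values && values.length > 0 ? values[0] : null;
  if (!tsi) return { ok: false, reason: "no session index in STSUU" };
  const partner = cache.get(KEY_PREFIX + tsi);
  if (partner === null) return { ok: false, reason: "cache miss or expired" };
  return { ok: true, partner };
}

// Constructed walk-through using the values from the trace in post 3.
function demo() {
  let clock = 0; // simulated time in milliseconds
  const cache = makeCache(() => clock);
  const sid = "ce58756c-4577-11ed-a1d3-0050568214b9";
  storePartner(cache, sid, "test-wave1", 60);
  const hit = lookupPartner(cache, [sid]);
  const missingIndex = lookupPartner(cache, null);
  clock = 61 * 1000; // past the 60-second TTL
  const expired = lookupPartner(cache, [sid]);
  return { hit, missingIndex, expired };
}
```

In a real mapping rule the `ok: false` branches are where the rule would trace the reason and stop, rather than continue with an undefined partner name.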