Previous Topic: Using the Application Attributes Definitions TableNext Topic: Configure Attribute Mapping at the Relying Party

CA SiteMinder® Federation Standalone GuideApplication Integration at the Relying PartyMapping Assertion Attributes to Application Attributes (SAML Only)Construct Attribute Mapping Rules Using the Proper Syntax

Construct Attribute Mapping Rules Using the Proper Syntax

Attribute mapping uses mapping rules that transform assertion attributes to application attributes. When attribute mapping is enabled, CA SiteMinder® Federation Standalone generates default mapping rules. The rules are based on the assertion attributes specified for the remote Producer or IdP entity. All this configuration takes place at the local relying party. When attribute mapping is disabled, assertion attributes are passed "as is" to the target application.

CA SiteMinder® Federation Standalone uses a Unified Expression Language (UEL) syntax for mapping that is similar to JSP and JSF. Each assertion attribute is put into a hashmap and assigned the attr keyword. A UEL expression evaluator goes through the list of mapping rules and applies them to the hashmap of assertion attributes. The expression evaluator then generates another hashmap containing the resulting application attributes. The hashmap of outgoing application attributes is converted into cookie contents or header variables and delivered to the target application.

For more information about UEL, go to the Sun Developer Network.

To construct expressions, it is important to understand the syntax CA SiteMinder® Federation Standalone uses for the expressions.

Single Attribute Representation

To represent a single assertion attribute, use the following syntax:

#{attr["attribute_name"]}

Example: #{attr["Name"]} represents the value of the Name assertion attribute.

Composite Attribute Representation

Value expressions can be concatenated to form a composite value (with optional delimiter). To represent a composite assertion attribute, use the following syntax:

#{attr["first_attribute"]}optional_character #{attr["second_attribute"]}

Mapping Examples

The following are a series of examples of mapping rules. These examples are presented in the following format:

application_attribute=assertion_attributes_expression

Name Example

Syntax

ID = #{attr["Name"]}

Sample Result

BobSmith

Simple Concatenation Examples

Syntax

FullName = #{attr["FirstName"]},#{attr["LastName"]}

Sample Result

Bob,Smith

Syntax

FullName = #{attr["LastName"]},#{attr["FirstName"]}

Sample Result

Smith,Bob

Spaces are considered special characters. If you want a space between attributes in an expression, enter a space. For example:

Syntax

FullName = #{attr["LastName"]}, #{attr["FirstName"]}

Sample Result

Smith, Bob

Date Examples

Syntax

Date = #{attr["month"]}/#{attr["dateOfMonth"]}/#{attr["year"]}

Sample Result

01/05/2010

Syntax

Date = #{attr["monthSymbol"]} #{attr["dateOfMonth"]}, #{attr["year"]}

Sample Result

January 5, 2010

Monetary Example

Syntax

Price = #{attr["amount"]}#{attr["currency"]}

Sample Result

2.50EUR

Email Address Examples

Syntax

EmailAddress = #{attr["userName"]}@#{attr["domainName"]}

Sample Result

JaneDoe@company.com

Syntax

AcmeEmailAddress = #{attr["AcmeIDKey"]}@acme.com

Sample Result

bsmith@acme.com