SAML Attribute Value Provider Procedures

SAML attribute value provider script procedures are used to provide attribute values during SAML assertion issuance.

A SAML attribute value provider script must contain a result function. This function has a single context parameter of type SamlAttributesProviderProcedureContext. In addition to the context parameter, the function also has access to the common procedure API.

The result function must return a JavaScript object with the attributes that will be used to compute the final attribute value, as defined in Attribute Value Providers.

Example

The following script is an example of a SAML attribute value provider procedure that uses user attributes to compute the output attributes:

/**
 * @param {se.curity.identityserver.procedures.samlattributes.SamlAttributesProviderProcedureContext} context
 */
function result(context) {

  // Read the region from the user account's attributes
  var dataSource = context.getAttributeDataSource();
  var dataSourceAttributes = dataSource.getAttributes(context.subjectAttributes.subject);
  var account = dataSourceAttributes.getRow(0);
  var accountAttributes = JSON.parse(account.attributes);
  if (!accountAttributes) {
    return {};
  }

  return {
    region: accountAttributes.region || '',
  };
}
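A more defensive variant of the script above, as an added example that is not part of the original documentation or the product's own code: it returns an empty object when the account row is missing or its attributes are not valid JSON, and releases only allow-listed, string-valued attributes. `RELEASED_ATTRIBUTES` and `fakeContext` are hypothetical names; `fakeContext` is a constructed stand-in that imitates only the context calls used on this page, and it assumes a missing row surfaces as an exception.

```javascript
// Allow-list of attributes this provider may release (assumption: only "region").
var RELEASED_ATTRIBUTES = ['region'];

function result(context) {
  var accountAttributes;
  try {
    var dataSource = context.getAttributeDataSource();
    var rows = dataSource.getAttributes(context.subjectAttributes.subject);
    accountAttributes = JSON.parse(rows.getRow(0).attributes);
  } catch (e) {
    // Missing account row, or attributes that are not valid JSON:
    // contribute nothing to the assertion.
    return {};
  }
  // JSON.parse can also yield null, an array or a scalar; accept only an object.
  if (!accountAttributes || typeof accountAttributes !== 'object' ||
      Array.isArray(accountAttributes)) {
    return {};
  }
  var out = {};
  RELEASED_ATTRIBUTES.forEach(function (name) {
    var own = Object.prototype.hasOwnProperty.call(accountAttributes, name);
    var value = own ? accountAttributes[name] : '';
    // Nested objects, numbers and similar are replaced by the empty default.
    out[name] = typeof value === 'string' ? value : '';
  });
  return out;
}

// Constructed stand-in for the procedure context (hypothetical, for offline runs only).
function fakeContext(rows) {
  return {
    subjectAttributes: { subject: 'alice' },
    getAttributeDataSource: function () {
      return {
        getAttributes: function () {
          return {
            getRow: function (i) {
              if (i >= rows.length) { throw new Error('no row ' + i); }
              return rows[i];
            }
          };
        }
      };
    }
  };
}
```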

Configuration

To configure a SAML attribute value provider script procedure:

  • First, create the script procedure as documented in Scripting.
  • Then, follow the instructions at Script Attribute Provider to start using the previous script in a SAML attribute value provider.
