Sometimes when working with various applications you may need to customize or transform the attributes you’re sending in order to make them compatible with the receiving system.
For example, your HR system may send over IDs in one format, but the system you’re sending the SAML attributes to is expecting a different format, such as a fixed length, an added prefix, or something else.
PingFederate supports the use of OGNL when grabbing attributes, so this tutorial shows how to take any employee ID that is less than 8 characters and make it 8 characters in length by padding it with 0s on the left.
You’d be surprised how often you may need to do something like this. Also, for the record, you do NOT need to be a coder or software developer in order to be an IAM professional. I am not a coder, and I do not have a software development background. I generally start from my notes on past expressions I’ve used, then look up various examples on the Ping website, as well as others, and even check Java docs for different parameters.
The OGNL expression I used to accomplish this is:
#number=#this.get("employeeNumber").toString(),
#number.length()!=8 ? @org.apache.commons.lang.StringUtils@leftPad(#number, 8, "0"):#number
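In this expression, #number can be whatever name you want, as long as it matches throughout your expression. The !=8 tells it that if the length is not equal to 8, pad it using the arguments that follow. The “0” could be whatever you wish to pad your IDs with. Note that leftPad only adds characters and never truncates, so an ID that is already longer than 8 characters is returned unchanged.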
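As an added example (not part of the original post, and not PingFederate code), this Python model of the expression above lets you check a batch of IDs before relying on the mapping. It goes slightly beyond the expression by flagging IDs that are still not 8 characters after the transform and distinct source IDs that end up with the same padded value; the function names and sample IDs are constructed for illustration.

```python
# Python model of the page's OGNL expression (added example, not PingFederate code).
from collections import defaultdict

TARGET_LEN = 8   # length used in the page's expression
PAD = "0"        # pad string used in the page's expression


def left_pad(value: str, size: int, pad: str) -> str:
    """Mirror Commons Lang StringUtils.leftPad(String, int, String)."""
    if not pad:
        pad = " "                      # leftPad treats an empty pad as one space
    missing = size - len(value)
    if missing <= 0:
        return value                   # never truncates: long values pass through
    return (pad * missing)[:missing] + value


def transform(employee_number) -> str:
    """#number = employeeNumber.toString(); pad only when length != 8."""
    number = str(employee_number)
    return left_pad(number, TARGET_LEN, PAD) if len(number) != TARGET_LEN else number


def audit(source_ids):
    """Return (mapping, over_length, collisions) for a batch of source IDs."""
    mapping = {src: transform(src) for src in source_ids}
    # Source IDs whose output is still not TARGET_LEN characters long.
    over_length = sorted(src for src, out in mapping.items() if len(out) != TARGET_LEN)
    by_output = defaultdict(list)
    for src, out in mapping.items():
        by_output[out].append(src)
    # Outputs produced by more than one distinct source ID.
    collisions = {out: sorted(srcs) for out, srcs in by_output.items() if len(srcs) > 1}
    return mapping, over_length, collisions


# Constructed sample values, not taken from any real directory.
SAMPLE_IDS = ["123", "00000123", "12345678", "123456789", "42", "A17"]

if __name__ == "__main__":
    mapping, over_length, collisions = audit(SAMPLE_IDS)
    for src, out in mapping.items():
        print(f"{src!r:>12} -> {out!r}")
    print("not 8 chars after transform:", over_length)
    print("distinct sources, same output:", collisions)
```

If the receiving application keys accounts on this attribute, an empty collision list and an empty over-length list are what you want to see before turning the mapping on.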
There is definitely a bit of trial and error involved in finding an expression that does what you want, but in most cases you can eventually get to what you’re trying to do.
However, there are some places in PingFederate where OGNL isn’t supported yet, such as authentication policy rules (hopefully that comes soon!).
Anyway, have fun trying this out and I hope you find it to be a useful expression to add to your OGNL toolbox.