[IdP] REGEX possible on group strings?

Forge Component
(39)
Published on 4 Nov by Telmo Martins
39 votes
Published on 4 Nov by Telmo Martins

My IDP returns groups in a format that is not compatible with group names in Outsystems; please see the xml at the end. I was hoping that you could suggest to me what action or function I could modify to use a regex to strip out everything from the group name but the last portion, or perhaps suggest another way to modify the IDP long group string within the configuration files.


<saml2:Attribute FriendlyName="eduPersonEntitlement" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
            <saml2:AttributeValue xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup</saml2:AttributeValue>
            <saml2:AttributeValue xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2</saml2:AttributeValue>
         </saml2:Attribute>


Thank you,

Charles


You can indeed use a regex function, regex_replace in the text component.

This regex will select everything upto the final: 

.*:

Alternatively, you can select the final part of the string using the following regex:

 [^:]+$

Great! Unfortunately I can't find any documentation on usage in the module, do you perhaps have an example or know where I can find documentation? Apologies if I'm missing something obvious, I'm new at this. Is this the same format as Regex_Replace from the Text module in Outsystems? If so, how do I indicate that the group name within the string is the actual assertion name?

Regex_Replace(SAML_GROUP_ASSERTION_NAME,".*\b:","",True,False,True)

Thanks,
Charles

If this is your string urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2

Regex_Replace("urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2",".*:","",True,False,True)

Alternatively you can use:

Regex("urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2"," [^:]+$")

Both will return TestGroup2.

Joey Moree wrote:

If this is your string urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2

Regex_Replace("urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2",".*:","",True,False,True)

Alternatively you can use:

Regex("urn:mace:upenn.edu:penn:isc:ait:apps:outsystems:groups:dev:TestGroup2"," [^:]+$")

Both will return TestGroup2.

Joey, I think that I am not communicating this need correctly, apologies. I'm configuring the IdP module and setting up the name of the SAML attribute containing the groups, please see the highlighted section of the attachment where I would expect to be able to attach some logic to modify output. I need the regex to be applied to the attribute value that is coming from the SAML, not to the attribute name within the SAML. Perhaps that's not possible without editing the module itself?


Thanks!

Charles



Solution

Hi,

Yes, ie, you need to customize the module itself with that regex_replace that should work fine.

What's I believe that it's not yet supported, it's to have the group list as an "xml list", ie, in a list of AttributeValue xml nodes (I think currently only it's supported to have the list of groups on the same attribute, split by specified character)

Regards

Solution

Thank you very much Telmo - I am getting multiple groups back from separate XML elements within the attribute list, so that is actually working.

Best,

Charles