PingFederate Server

Construct OGNL expressions

Use OGNL expressions and syntax to evaluate and manipulate attribute values and return information based on the results.

OGNL is based on the Java programming language. You can transform a range of values into a text description or do the same for a sequence of ranges.

Use the # symbol to reference OGNL variables. For an identity provider (IdP), PingFederate provides predefined OGNL variables for IdP-adapter attributes, any attributes retrieved from datastores, and attributes for token authorization. For a service provider (SP), variables are available for attributes received in an assertion, an attribute query, and attributes for token authorization. For example, you can retrieve the SAML_SUBJECT value with #SAML_SUBJECT.

Use the following construction for any attributes from any source that contain special characters that cannot be parsed by OGNL: #this.get("<attribute_name>").

Because OGNL uses the “at” symbol (@) to reference static Java methods, any value containing the symbol must be enclosed in double quotes. Otherwise, expression parsing fails. For example, use #SAML_SUBJECT="usr@msn.com", not #SAML_SUBJECT=usr@msn.com.

Datastore syntax

For datastore attributes with an attribute source ID, use the #this.get("ds.attr-source-id.attribute_name") syntax.

For datastore attributes without an attribute source ID, use the #this.get("ds.attribute_name") syntax.

Other variable syntax

To access mapped attributes, use the #this.get("mapped.attribute_name") syntax.

To access most context attributes, use the #this.get("context.attribute_name") syntax.

To access the HTTP Request context attribute, use the #this.get("context.HttpRequest").getObjectValue() syntax.

The returned value is an instance of javax.servlet.http.HttpServletRequest. See http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html.
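The quoting and #this.get rules above can be checked mechanically before an expression is saved. The following is an added example, not PingFederate code: lint_ognl is a hypothetical helper, it assumes that only double quotes delimit strings (as this page states), and the sample expressions, including the attribute source ID ldap1, are constructed.

```python
import re

# Attribute-name prefixes that this page reads through #this.get("...").
DOTTED_PREFIXES = ("ds", "mapped", "context")

def lint_ognl(expr):
    """Return sorted (offset, message) findings for one OGNL expression."""
    findings = []
    code = []            # expression with double-quoted strings blanked out
    in_string = False
    i = 0
    while i < len(expr):
        ch = expr[i]
        if in_string:
            if ch == "\\" and i + 1 < len(expr):   # skip an escaped character
                code.append("  ")
                i += 2
                continue
            if ch == '"':
                in_string = False
            code.append(" ")
        elif ch == '"':
            in_string = True
            code.append(" ")
        else:
            if ch == "@":   # would be read as a static Java reference
                findings.append((i, "'@' outside double quotes"))
            code.append(ch)
        i += 1
    if in_string:
        findings.append((len(expr), "unterminated double-quoted string"))
    # "#ds.x" is variable #ds plus a property, not the attribute "ds.x".
    pattern = r"#(%s)\." % "|".join(DOTTED_PREFIXES)
    for m in re.finditer(pattern, "".join(code)):
        findings.append((m.start(), 'use #this.get("%s.<attribute_name>")' % m.group(1)))
    return sorted(findings)

# Constructed sample expressions; "ldap1" is a made-up attribute source ID.
SAMPLES = [
    '#SAML_SUBJECT="usr@msn.com"',
    '#SAML_SUBJECT=usr@msn.com',
    '#ds.ldap1.mail',
    '#this.get("ds.ldap1.mail")',
    '#this.get("context.HttpRequest").getObjectValue()',
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", lint_ognl(sample) or "ok")
```

Each finding carries the character offset in the expression, so a reviewer can locate an unquoted @ or a dotted variable reference directly.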