---
title: Sample customizations
description: Use OGNL expressions to customize assertions and authentication requests in different ways.
component: pingfederate
version: 13.0
page_id: pingfederate:administrators_reference_guide:pf_sample_customizat
canonical_url: https://docs.pingidentity.com/pingfederate/13.0/administrators_reference_guide/pf_sample_customizat.html
revdate: March 31, 2023
section_ids:
  add-sessionnotonorafter-to-assertions: Add SessionNotOnOrAfter to assertions
  use-well-formed-xml-as-attribute-value: Use well-formed XML as attribute value
  include-extensions-in-authentication-requests: Include extensions in authentication requests
---

# Sample customizations

Use OGNL expressions to customize assertions and authentication requests in different ways.

## Add SessionNotOnOrAfter to assertions

This expression adds the optional `SessionNotOnOrAfter` attribute to the `<AuthnStatement>` element and sets the value to 60 minutes.

* Message Type

  `AssertionType`

* Expression

```
#cal = new org.apache.xmlbeans.XmlCalendar(new java.util.Date()),
#cal.setTimeZone(@java.util.TimeZone@getTimeZone("UTC")),
#cal.add(@java.util.Calendar@MINUTE, 60),
#AssertionType.getAuthnStatementArray(0).setSessionNotOnOrAfter(cal)
```

* Expected assertions

```
...
<saml:AuthnStatement ... AuthnInstant="2015-03-20T16:27:37.344Z"
 SessionNotOnOrAfter="2015-03-20T17:27:37.398Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>...</saml:AuthnContextClassRef>
    </saml:AuthnContext>
</saml:AuthnStatement>
...
```

## Use well-formed XML as attribute value

The following expression inserts well-formed XML in the `<AttributeValue>` element if the **Attribute Name Format** is `urn:pingidentity.com:SAML:attrname-format:xml:complex`.

* Message Type

  `AssertionType`

* Expression

```
#i = 0,
#AssertionType.getAttributeStatementArray(0).getAttributeArray().{#this.getNameFormat().equals('urn:pingidentity.com:SAML:attrname-format:xml:complex')?
{#AssertionType.getAttributeStatementArray(0).getAttributeArray(i).removeAttributeValue(1)}:null,
#i = #i+1}
```

|   |                                                                                                                                                    |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | Line breaks are inserted for readability only. Statements calling methods whose arguments are enclosed in quotes must be entered on a single line. |

This example uses well-formed XML as the attribute value for attributes that are configured as `urn:pingidentity.com:SAML:attrname-format:xml:complex` (a custom attribute name format added to `<pf_install>/pingfederate/server/default/data/config-store/custom-name-formats.xml`) in the **Attribute Contract** window. You can use other application logic here.

* Sample inputs (attributes and their values)

**Example input 1**

|                       |                                                         |
| --------------------- | ------------------------------------------------------- |
| Attribute Name        | ExtAttr1                                                |
| Attribute Name Format | urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified |
| Attribute Value       | `123`                                                   |

**Example input 2**

|                       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| Attribute Name        | ExtAttr2                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
| Attribute Name Format | urn:pingidentity.com:SAML:attrname-format:xml:complex                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
| Attribute Value       | ```
<saml:Attribute
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Name="ExtAttr2"
 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:customNs="http://www.sample.tld/customnamespace">
        <customNs:Line>Documentation</customNs:Line>
        <customNs:Line>Ping Identity</customNs:Line>
    </saml:AttributeValue>
</saml:Attribute>
```&#xA;&#xA;This is a well-formed XML document in one line. |

* Expected results

```
...
<saml:Attribute Name="ExtAttr1"
 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue xsi:type="xs:string"
     xmlns:xs="http://www.w3.org/2001/XMLSchema"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        123
    </saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="ExtAttr2"
 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml:AttributeValue
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:customNs="http://www.sample.tld/customnamespace">
        <customNs:Line>Documentation</customNs:Line>
        <customNs:Line>Ping Identity</customNs:Line>
    </saml:AttributeValue>
</saml:Attribute>
...
```

## Include extensions in authentication requests

This expression includes the optional `Extensions` element in the authentication requests if a certain query parameter (`oid` in this example) is sent to the `/sp/startSSO.ping` endpoint to start an SP-initiated SSO request.

* Message Type

  `AuthnRequestDocument`

* Expression

```
#element = #XmlHelper.addToSaml2Extensions(#AuthnRequestDocument, '<samplens:orgId name="orgId" xmlns:samplens="urn:org.sample.wms"/>'),
#value = #HttpServletRequest.getParameter('oid') == null ? 'someDefaultValue' : #HttpServletRequest.getParameter('oid') ,
#XmlHelper.setAttribute(#element, 'value', #value)
```

* Expected AuthnRequest

  A GET request to https\://*\<pf\_host>*:*\<pf.https.port>*/sp/startSSO.ping?PartnerIdpId=*\<entityID>*\&oid=123 would trigger the following Extensions block.

```
<samlp:AuthnRequest ...>
  <saml:Issuer ...>...</saml:Issuer>
  <samlp:Extensions>
    <samplens:orgId name="orgId" value="123" xmlns:samplens="urn:org.sample.wms"/>
  </samlp:Extensions>
  ...
</samlp:AuthnRequest>
```

For information about OGNL, see the [Apache Commons OGNL Language Guide](https://commons.apache.org/dormant/commons-ognl/language-guide.html).