Use OGNL expressions and syntax to evaluate and manipulate attribute values and return information based on the results.
OGNL is based on the Java programming language. You can transform a range of values into a text description or do the same for a sequence of ranges.
Use the # symbol to reference OGNL variables. For an identity provider (IdP), PingFederate provides predefined OGNL variables for IdP-adapter attributes, any attributes retrieved from datastores, and attributes for token authorization. For a service provider (SP), variables are available for attributes received in an assertion, an attribute query, and attributes for token authorization. For example, you can retrieve the SAML_SUBJECT value with #SAML_SUBJECT.
Use the following construction for any attributes from any source that contain special characters that cannot be parsed by OGNL: #this.get("<attribute_name>").
Because OGNL uses the “at” symbol (@) to reference static Java methods, expressions containing the symbol must be enclosed in double quotes. Otherwise, expression parsing fails. For example, use #SAML_SUBJECT="usr@msn.com", not #SAML_SUBJECT=usr@msn.com.
Data store syntax
For datastore attributes with an attribute source ID, use the #this.get("ds.attr-source-id.attribute_name") syntax.
For datastore attributes without an attribute source ID, use the #this.get("ds.attribute_name") syntax.
Other variable syntax
To access mapped attributes, use the #this.get("mapped.attribute_name") syntax.
To access most context attributes, use the #this.get("context.attribute_name") syntax.
To access the HTTP Request context attribute, use the #this.get("context.HttpRequest").getObjectValue() syntax. The returned value is an instance of javax.servlet.http.HttpServletRequest. See http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html.
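A pre-deployment check for the variable reference, datastore and "at" symbol quoting rules above, as an added example that is not PingFederate code. The helper names variable_ref, datastore_ref and unquoted_at_positions are hypothetical, and the rule for which attribute names count as containing special characters is an assumption.

```python
import re

# Assumption: names made only of letters, digits and underscores parse as bare
# OGNL variables; anything else (dots, hyphens, spaces) goes through #this.get().
_SIMPLE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
# OGNL static reference form: @fully.qualified.Class@member
_STATIC_REF = re.compile(r"@[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*@[A-Za-z_$][\w$]*")


def variable_ref(name):
    """Return the OGNL reference for an attribute name."""
    if _SIMPLE_NAME.match(name):
        return "#" + name
    if '"' in name or "\\" in name:
        raise ValueError("attribute name cannot be quoted safely: %r" % name)
    return '#this.get("%s")' % name


def datastore_ref(attribute, source_id=None):
    """Build the ds.* lookup, with or without an attribute source ID."""
    key = "ds.%s.%s" % (source_id, attribute) if source_id else "ds.%s" % attribute
    return variable_ref(key)


def unquoted_at_positions(expr):
    """Offsets of '@' outside double quotes that are not a static reference.

    Only double-quoted literals are treated as safe, matching the rule above.
    """
    hits, in_quotes, i = [], False, 0
    while i < len(expr):
        ch = expr[i]
        if in_quotes and ch == "\\":
            i += 2           # skip the escaped character inside a string literal
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            m = _STATIC_REF.match(expr, i)
            if m:
                i = m.end()  # legitimate @Class@member reference
                continue
            hits.append(i)
        i += 1
    return hits
```

An empty list from unquoted_at_positions means every "at" symbol in the expression is either inside a double-quoted literal or part of a static method reference.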