OGNL is based on the Java programming language. OGNL expressions are useful for evaluating and manipulating attribute values and returning information based on the results. You can also transform a range of values into a text description or do the same for a sequence of ranges.

Use the # symbol to reference OGNL variables. For an IdP, PingFederate provides predefined OGNL variables for IdP-adapter attributes, any attributes retrieved from datastores, and attributes for token authorization. For an SP, variables are available for attributes received in an assertion, an attribute query, and attributes for token authorization. For example, the SAML_SUBJECT value may be retrieved using: #SAML_SUBJECT

Note:

Use the following construction for any attributes from any source that contain special characters (hyphens, for example), which cannot be parsed by OGNL: #this.get("<attribute_name>")

Note:

Because OGNL uses the “at” symbol (@) to reference static Java methods, expressions containing the symbol must be enclosed in double quotes; otherwise, expression parsing fails. For example:

#SAML_SUBJECT="usr@msn.com"

(Not #SAML_SUBJECT=usr@msn.com)

Data store syntax

For datastore attributes with an attribute source ID, use this syntax:

#this.get("ds.attr-source-id.attribute_name")

For datastore attributes without an attribute source ID, use this syntax:

#this.get("ds.attribute_name")

Other variable syntax

To access mapped attributes, use this syntax:

#this.get("mapped.attribute_name")

To access most context attributes, use this syntax:

#this.get("context.attribute_name")

To access the HTTP Request context attribute, use this syntax:

#this.get("context.HttpRequest").getObjectValue()

Note:

The returned value is an instance of javax.servlet.http.HttpServletRequest (see docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html).