OGNL is based on the Java programming language. OGNL expressions are useful for evaluating and manipulating attribute values and returning information based on the results. You can also transform a range of values into a text description or do the same for a sequence of ranges.
Use the # symbol to reference OGNL variables. For an IdP, PingFederate provides predefined OGNL variables for IdP-adapter attributes, any attributes retrieved from datastores, and attributes for token authorization. For an SP, variables are available for attributes received in an assertion, an attribute query, and attributes for token authorization. For example, the SAML_SUBJECT value may be retrieved using:
#SAML_SUBJECT
Use the following construction for any attributes from any source that contain special
characters (hyphens, for example), which cannot be parsed by OGNL:
#this.get("<attribute_name>")
Because OGNL uses the “at” symbol (@) to reference static Java methods, expressions containing the symbol must be enclosed in double quotes; otherwise, expression parsing fails. For example:
#SAML_SUBJECT="usr@msn.com"
(Not #SAML_SUBJECT=usr@msn.com)
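The two quoting rules above (hyphenated attribute names and the @ symbol) can be checked mechanically when reviewing expressions. The following Python checker is an added example, not PingFederate code: `lint_expression` and the attribute name `mail-alt` are hypothetical, and it assumes only double-quoted text counts as a string literal, as this page prescribes.

```python
import re

# Double-quoted string literal, allowing backslash escapes.
_STRING = re.compile(r'"(?:\\.|[^"\\])*"')
# "#name-part": a variable reference followed by "-identifier". OGNL parses
# the hyphen as subtraction, so the attribute name is not read as written.
_HYPHEN_VAR = re.compile(r'#([A-Za-z_$][\w$]*)((?:-[A-Za-z_$][\w$]*)+)')


def lint_expression(expr):
    """Return sorted (offset, message) findings for one OGNL expression."""
    # Blank out string contents, keeping length so offsets stay valid.
    bare = _STRING.sub(
        lambda m: '"' + " " * (len(m.group()) - 2) + '"', expr)
    findings = []
    for m in re.finditer("@", bare):
        # Outside quotes, '@' starts a static Java reference.
        findings.append(
            (m.start(), "'@' outside double quotes is parsed as a static "
                        "Java reference; quote the value"))
    for m in _HYPHEN_VAR.finditer(bare):
        name = m.group(1) + m.group(2)
        findings.append(
            (m.start(), 'hyphenated name: use #this.get("%s")' % name))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed samples; the first two are the page's own examples.
    samples = [
        '#SAML_SUBJECT="usr@msn.com"',
        '#SAML_SUBJECT=usr@msn.com',
        '#this.get("mail-alt")',
        '#mail-alt',
    ]
    for s in samples:
        for offset, message in lint_expression(s) or [(None, "ok")]:
            print("%-30s %-5s %s" % (s, offset, message))
```

Any remaining unquoted @ that the checker reports is a deliberate static method reference and is worth reviewing for that reason.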
Data store syntax
For datastore attributes with an attribute source ID, use this syntax:
#this.get("ds.attr-source-id.attribute_name")
For datastore attributes without an attribute source ID, use this syntax:
#this.get("ds.attribute_name")
Other variable syntax
To access mapped attributes, use this syntax:
#this.get("mapped.attribute_name")
To access most context attributes, use this syntax:
#this.get("context.attribute_name")
To access the HTTP Request context attribute, use this syntax:
#this.get("context.HttpRequest").getObjectValue()
The returned value is an instance of javax.servlet.http.HttpServletRequest (see docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html).