Use OGNL expressions and syntax to evaluate and manipulate attribute values and return information based on the results.
OGNL is based on the Java programming language. You can transform a range of values into a text description or do the same for a sequence of ranges.
Use the #
symbol to reference OGNL variables. For an identity provider
(IdP), PingFederate provides predefined OGNL variables for IdP-adapter
attributes, any attributes retrieved from datastores, and attributes for token
authorization. For a service provider (SP), variables are available for attributes received
in an assertion, an attribute query, and attributes for token authorization. For example,
you can retrieve the SAML_SUBJECT value with
#SAML_SUBJECT
.
Use the following construction for any attributes from any source that contain special
characters that cannot be parsed by OGNL:
#this.get("<attribute_name>")
.
Because OGNL uses the “at” symbol (@
) to reference static Java methods,
expressions containing the symbol must be enclosed in double quotes. Otherwise,
expression parsing fails. For example, use #SAML_SUBJECT="usr@msn.com"
,
not #SAML_SUBJECT=usr@msn.com
.
Data store syntax
For datastore attributes with an attribute source ID, use the
#this.get("ds.attr-source-id.attribute_name")
syntax.
For datastore attributes without an attribute source ID, use the
#this.get("ds.attribute_name")
syntax.
Other variable syntax
To access mapped attributes, use the #this.get("mapped.attribute_name")
syntax.
To access most context attributes, use the
#this.get("context.attribute_name")
syntax.
To access the HTTP Request context attribute, use the
#this.get("context.HttpRequest").getObjectValue()
syntax.
The returned value is an instance of
javax.servlet.http.HttpServletRequest
. See http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html.