OGNL is based on the Java programming language. You can transform a range of values into a text description or do the same for a sequence of ranges.

Use the # symbol to reference OGNL variables. For an identity provider (IdP), PingFederate provides predefined OGNL variables for IdP-adapter attributes, any attributes retrieved from datastores, and attributes for token authorization. For a service provider (SP), variables are available for attributes received in an assertion, an attribute query, and attributes for token authorization. For example, you can retrieve the SAML_SUBJECT value with #SAML_SUBJECT.

Note:

Use the following construction for any attributes from any source that contain special characters that cannot be parsed by OGNL: #this.get("<attribute_name>").

Note:

Because OGNL uses the “at” symbol (@) to reference static Java methods, expressions containing the symbol must be enclosed in double quotes. Otherwise, expression parsing fails. For example, use #SAML_SUBJECT="usr@msn.com", not #SAML_SUBJECT=usr@msn.com.

Data store syntax

For datastore attributes with an attribute source ID, use the #this.get("ds.attr-source-id.attribute_name") syntax.

For datastore attributes without an attribute source ID, use the #this.get("ds.attribute_name") syntax.

Other variable syntax

To access mapped attributes, use the #this.get("mapped.attribute_name") syntax.

To access most context attributes, use the #this.get("context.attribute_name") syntax.

To access the HTTP Request context attribute, use the #this.get("context.HttpRequest").getObjectValue() syntax.

Note:

The returned value is an instance of javax.servlet.http.HttpServletRequest. See http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html.