User Attribute Transformations in Access Manager 4.2 (Virtual Attributes)


In Access Manager’s Identity Provider (IDP), we often need to transform user attributes. For example:

    1. Modify the value of a user attribute before sending it to the Service Provider in a federation (e.g. SAML).

    2. Derive a new attribute from the data available in multiple attributes of a user and send that to the Service Provider in a federation.

    3. Modify the value of an attribute, or derive a new attribute from the current attributes of a user, and send it to the applications that are protected by Access Gateway.




Access Manager 4.2 has a new feature, “Attribute Transformation and Retrieval”, which lets you do all of the above. This feature introduces an attribute called the “virtual attribute”. As the name suggests, it is “virtual” and is generated as a user attribute at runtime. A virtual attribute can be created based on the values of the existing user attributes. Values can also be fetched from external LDAP and SQL data stores and transformed in virtual attributes.

Refer to the link below for more information:

https://www.netiq.com/documentation/access-manager-42/admin/data/b1caobu1.html#userattributeretrievalandtransformation

How to transform existing user attributes to create a new virtual attribute?

To create a virtual attribute, you write the transformation logic in JavaScript and provide the user attributes as input to it. The user interface provides various JavaScript utility functions (example scripts) that you can use straightaway without writing JavaScript yourself. If you have a complex transformation requirement that the utility functions do not fulfill, you can use the advanced option and provide your own JavaScript to derive a virtual attribute.

The user interface also comes with a test tool, which you can use to test your JavaScript.

Refer to: https://www.netiq.com/documentation/access-manager-42/admin/data/b1caobu1.html#managing_virtualattribute

Creating virtual attributes requires basic knowledge of JavaScript. This short article covers, from the basics, just those concepts that you need to know to write JavaScript for virtual attributes.

Some practical sample use cases with JavaScript from the NAM documentation:

https://www.netiq.com/documentation/access-manager-42/admin/data/b1caobu1.html#b1hyr3iw

JavaScript Guide for Virtual Attributes:

    • Functions

    • Statements

    • Variables

        • String

        • Number

        • Arrays

    • Operators

        • Assignment operators

        • Arithmetic operators

        • Logical operators

    • Writing logic or code in JavaScript

        • If else

        • Looping

    • List of useful general standard JavaScript functions

        • String functions

        • Regex functions

    • Regular Expression

        • Concepts

        • Sample regular expressions


1) Functions

A JavaScript function is a block of code that contains the logic to perform a task.

Syntax:

       function addText(string1, string2) {
           // Add your code and logic here
           return string1 + string2;
       }

What it does: The above function can be used to concatenate strings.

Parameter list: string1, string2

What it returns: the concatenation of the two strings

Use of functions

You can reuse code: Define the code once, and use it many times.

You can use the same code many times with different arguments, to produce different results.

Parameter

You can pass parameters to a function; they are the inputs to that function.

There is no limit on the number of parameters that can be passed to a function.

You can perform operations on the parameters or use them in the logic of your function.

Return value

A function can return a value using the return statement, as in the above example. The return statement can return a single value or a multi-valued value.

Calling functions inside functions

      function func1() {
          return func2() + func3();
      }

      function func2() {
          // some code
          return 'a';
      }

      function func3() {
          // some code
          return 'b';
      }

 

2) Statements

Statements are "instructions" that are "executed" by the web browser

Each statement must end with a semicolon (;), e.g.

      var name = "bob";

      var email = name + "@company.com";

 

3) Variables

Variables are named containers in which you can store data.

For example, a and name are variables, and we declare them in code as follows:

      var a = 1;
      var name = "Bob";

    3.1) String type

      A JavaScript string stores characters like "abc".

      The string needs to be enclosed in double or single quotes:

      var name = "abc"; // double quotes
      var name = 'abc'; // single quotes

    3.2) Number type

      e.g.

      var age = 20;
      var percentage = 2.2;

      Convert a string into a number

      To obtain a number from a string variable, use the Number function.

      var marksString = "13456";
      var marks = Number(marksString);

      Now you can do any arithmetic operation on this number, e.g.

      marks = marks - 2;

    3.3) Arrays

      The Array object lets you store many values in a single variable.

      var names = ["Bob", "James", "Katie"];

      Accessing elements of arrays:

      var name1 = names[0]; // will assign → Bob
      var name2 = names[1]; // will assign → James

      Adding more values to arrays:

      names[3] = "Victor";

      var bothNames = name1 + " " + name2; // output → Bob James

      Length of an array: use the length property

      var names = ["Bob", "James", "Katie", "Victor"];
      var len = names.length; // output → 4

      Checking whether a value is an array

      The instanceof operator can be used for this.

      var cars = ['bmw', 'nissan'];
      if (cars instanceof Array) {
          // do something
      }

      Looping over an array

      A for loop can be used to loop over an array:

      var index;
      var text = '';
      var names = ["Bob", "James", "Katie", "Victor"];
      for (index = 0; index < names.length; index++) {
          text = text + " " + names[index];
      }

      Output → the variable text will have all names separated by a space.

 

    3.4) Boolean values

      A Boolean variable represents one of two values, either true or false. You can use these values in conditional operators or functions.

      var condition = true;
      var goHead = false;

      if (condition == true) {
          // execute some code
      } else {
          // execute some code
      }

 

4) Operators

Assignment operator: =

var name = 'Bob'; // assigns Bob to the name variable (note that = is not a comparison operator; for comparison, == is used)

Arithmetic operators:

  + (Addition), - (Subtraction), * (Multiplication), / (Division), % (Modulus), ++ (Increment), -- (Decrement)

These operators can be used with number datatypes, e.g. var percentage = (23*2)%100;

Comparison and logical operators:

== (equal to), === (equal value and equal type),

!= (not equal), !== (not equal value or not equal type), > (greater than), < (less than), >= (greater than or equal to), <= (less than or equal to)

These operators return a Boolean value and are mostly used in conditional/comparison constructs in JavaScript, e.g. if statements and for loops:

if (name == 'Bob') { /* some code */ }

5) Writing Logic or Code in JavaScript

   5.1) If , else if , else statement

        This is used to write conditional logic in JavaScript.

        Syntax:

        if (condition1) {
            // block of code to be executed if condition1 is true
        } else if (condition2) {
            // block of code to be executed if condition1 is false and condition2 is true
        } else {
            // block of code to be executed if condition1 is false and condition2 is false
        }

      Example:

      var age = 12;
      var gift;
      if (age < 10) {
          gift = "toys";
      } else if (age < 18) {
          // a second, different condition; repeating age < 10 here would never be true
          gift = "Story book";
      } else {
          gift = "Cup";
      }

    5.2) Loops


    We will learn the "for" loop, as it will cover most of your use cases:

    Why loop:

     Loops can be used in scenarios where you want to run the same code again and again with a different input each time. Often we use a loop to go through the values present in an array.

     For loop:

     Syntax:

     for (statement 1; statement 2; statement 3) {
         // code block to be executed
     }

     Statement 1 is executed before the loop (the code block) starts.

     Statement 2 defines the condition for running the loop (the code block).

     Statement 3 is executed each time after the loop (the code block) has executed.

     Example

      var i;
      var text = "";
      for (i = 0; i < 5; i++) {
          // statements inside the for loop
          text += "The number is " + i + "<br>";
      }

     Output (each <br> shown as a line break):

      The number is 0
      The number is 1
      The number is 2
      The number is 3
      The number is 4

     Explanation:

     Step 1: The above logic initializes the variable i to 0.

     Step 2: It checks whether i is less than 5, as per the for statement for (i = 0; i < 5; i++). If i is less than 5, it executes the statements written inside the for loop; otherwise it exits without executing further.

     Step 3: If i < 5, it runs the statements present inside the for loop (here: text += "The number is " + i + "<br>";).

     Step 4: It increments i by 1 using i++, as defined in the for statement for (i = 0; i < 5; i++), and goes to Step 3.

    Break statement

    The break statement is used to break the loop and jump out of it.

      var i;
      var text = "";
      for (i = 0; i < 10; i++) {
          if (i === 3) { break; }
          text += i; // append the value of i, not the letter "i"
      }

      Output: 012

    Continue statement

    If you want to skip some part of the for loop code in a particular iteration, you can use the continue statement to skip the remaining code and start evaluating the next iteration.

      var i;
      var text = "";
      for (i = 0; i < 8; i++) {
          if (i === 3) { continue; }
          text += i; // append the value of i, not the letter "i"
      }

      Output: 0124567

6) List of useful general standard JavaScript functions

6.1) String concatenation: + operator

e.g.

var a = "bob";
var b = 'tom';
var c = a + b; // output → bobtom

Please note that if a and b are numbers, then the + operator will add the values, e.g.

var a = 1;
var b = 2;
var c = a + b; // output → 3

But if one of a or b is a string, then it will be string concatenation:

var a = "bob";
var b = '1';
var c = a + b; // output → bob1

6.2) String length

var str = "BOB";
var len = str.length; // output → 3

6.3) String functions

lastIndexOf()

    Description: Gives the position of the last found index of a string within another string.

    Example:

    var str = "bob@company.com";
    var pos = str.lastIndexOf("o");
    // output → 13

indexOf()

    Description: Finds a string within another string and returns the index where the match is found.

    Example:

    var str = "bob@company.com";
    var pos = str.indexOf("company");
    // output → 4

match()

    Description: Matches a string against a regular expression and returns the matched part of that string.

    Example:

    var str = "Bob:James:Katie";
    var res = str.match(/\w/);
    // output → B; \w is a regular expression that matches any word character

replace()

    Description: Replaces a part of the input string with another string and returns the resulting string.

    Example:

    var str = "Bob, James, Katie";
    var res = str.replace('Bob', 'John');
    // output → John, James, Katie

search()

    Description: Searches for a string/character in an input string and returns the index where that match starts.

    Example:

    var str = "Bob:James:Katie";
    var res = str.search(':');
    // output → 3

split()

    Description: Splits a string into an array of substrings based on the separator provided in the brackets, e.g. split("&");

    Example:

    var str = "Bob:James:Katie";
    var res = str.split(':');
    // output → Bob, James, Katie
    // res[0] will have Bob as value
    // res[1] will have James as value

substring()

    Description: Returns a subset of a string from the start index to the end index, e.g. substring(0,4). With only a start index, it returns the string from the start index to the end of the string, e.g. substring(4);

    Example:

    var str = "Bob, James, Katie";
    var res = str.substring(5);
    // output → James, Katie

toLowerCase()

    Description: Returns a string that contains the input string in lowercase letters.

    Example:

    var str = "Bob, James, Katie";
    var res = str.toLowerCase();
    // output → bob, james, katie

toUpperCase()

    Description: Returns a string that contains the input string in uppercase letters.

    Example:

    var str = "Bob, James, Katie";
    var res = str.toUpperCase();
    // output → BOB, JAMES, KATIE

trim()

    Description: Removes whitespace from both the start and the end of the input string.

    Example:

    var str = " Bob ";
    var res = str.trim();
    // output → Bob
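The string functions above combined into one transformation, as an added example (not code from the original article or from Access Manager): it derives the part before '@' from a mail attribute that may be single-valued or multi-valued, and drops malformed values instead of guessing. The function name localPartOfMail and the sample addresses are assumptions made for illustration.

```javascript
// Added example: function name and sample values are constructed.

// Returns an array with the lowercase local part of every well-formed
// mail value. Accepts a single string or an array of strings.
function localPartOfMail(mail) {
  // Treat a single value like a one-element array so one loop handles both.
  var values = (mail instanceof Array) ? mail : [mail];
  var result = [];
  var i;
  for (i = 0; i < values.length; i++) {
    // A missing attribute or a non-string value is skipped, not converted.
    if (typeof values[i] !== 'string') { continue; }

    var v = values[i].trim().toLowerCase();
    var first = v.indexOf('@');
    var last = v.lastIndexOf('@');

    // Skip values with no '@', an empty local part, more than one '@'
    // (indexOf and lastIndexOf disagree) or nothing after the '@'.
    if (first <= 0 || first !== last || first === v.length - 1) { continue; }

    result.push(v.substring(0, first));
  }
  return result;
}

// Constructed sample input: one good value and several malformed ones.
var sampleMail = [
  '  Bob@Company.com ',
  'admin@company.com@other.example',
  '@company.com',
  'nomail',
  'x@'
];

console.log(localPartOfMail(sampleMail));        // only the first value survives
console.log(localPartOfMail('katie@company.com'));
console.log(localPartOfMail(undefined));         // missing attribute
```

Returning an empty array for bad input keeps a malformed or missing source attribute from turning into a usable identifier at the Service Provider.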


6.4) Some functions that take regex as input

     
replace()

    Description: Finds a match and replaces it with the desired string.

    Example:

    var str = "Bo1:Jo1:Ko1";
    var res = str.replace(/o1/g, 'v');
    // output → Bv:Jv:Kv

search()

    Description: Searches a string for a value and returns the position of the match.

    Example:

    var str = "Bo1:Jo1:Ko1";
    var res = str.search(/o1/);
    // output → 1

split()

    Description: Splits a string into an array of substrings.

    Example:

    var str = "Bo1Jo1Ko1";
    var res = str.split(/o1/);
    // output → res[0] = 'B', res[1] = 'J', res[2] = 'K'



7) Regular Expression Basics and Examples


7.1) Basics:

A regular expression is an object in JavaScript which is used to describe a pattern.

This can be used for pattern matching in JavaScript. E.g. it can be used to select an email id that ends with “@netiq.com” from the list of emails of a user.

Syntax

/pattern/flags;


A pattern can contain Ranges, Special Characters and Repeated Expressions, which are explained below.

Flags

Flags can be used to configure case-insensitive and global searches. Flags can have any combination of the following values:


i

    Description: Matches in a case-insensitive manner.

    Example: /abc/i will match both ABC and abc. However, /abc/ will match only abc in a string.

g

    Description: Does a global match. If not set, the corresponding regular expression stops after finding the first match.

    Example: /to/g will match all occurrences of 'to' in a sentence, whereas /to/ will match only the first occurrence.


Ranges

Brackets are used to define a range of characters to match.


(x|y)

    Description: Matches either x or y.

    Example: /(morning|evening) food/ will match only 'morning food' and 'evening food'; it will not match 'afternoon food'.

[0-9]

    Description: Matches any digit that is between the brackets.

    Example: /A[0-9]/ will match A1, A2, etc. but will not match AB.

[^0-9]

    Description: Matches any character that is NOT a digit between the brackets.

    Example: /A[^0-9]/ will not match A1, A2, etc. but will match AB.

[abc]

    Description: Matches any character which is present between the brackets.

    Example: /[sk]it/ will match sit and kit.

[^abc]

    Description: Matches any character that is NOT between the brackets.

    Example: /[^x]it/ will match everything except xit.


Special Characters

Characters that have special meaning in Regular expressions:


.

    Description: Matches a single character, except newline or line terminator.

    Example: /a./ will match a1, aa but will not match just a.

$

    Description: Matches the position at the end of the input string.

    Example: /t$/ will match mat, cat but will not match apple.

^

    Description: Matches the position at the beginning of the input string.

    Example: /^ap/ will match apple but will not match mapple.

\d

    Description: Matches a single digit.

    Example: /A\d/ will match A1, A2 but will not match AA.

\D

    Description: Matches a non-digit character.

    Example: /A\D/ will match Aa, A% but will not match A1.

\s

    Description: Matches a whitespace character.

    Example: /A\sC/ will match A C but will not match ABC.

\S

    Description: Matches a non-whitespace character.

    Example: /A\SC/ will match ABC but will not match A C.

\w

    Description: Matches one word character.

    Example: /\w\w\w/ will match any string that contains 3 consecutive word characters (letters or numbers), for example name, bus, A12, but will not match a%a%a%.

\W

    Description: Matches a non-word character.

    Example: /\W/ will match a string that contains %, ., ^, &, *, @ etc.

\b

    Description: Finds a match that should be at the beginning or end of a word.

    Example: /\bap/ will match apple but will not match maple.

\B

    Description: Finds a match that should not be at the beginning or end of a word.

    Example: /\Bap/ will match maple but will not match apple.


Repeated Expressions

Quantifiers are used to indicate the repetition of some subexpression.


(subexpression)+

    Description: Matches the preceding subexpression one or more times.

    Example: /a+/ will match map, maap, maaaap but will not match bottle.

(subexpression)*

    Description: Matches the preceding subexpression zero or more times.

    Example: /ca*t/ will match ct, cat, caat, caaat but will not match cnt, cmt etc.

(subexpression)?

    Description: Matches the preceding subexpression zero or one time.

    Example: /ca?t/ will match cat, ct but will not match caaat, czt etc.

(subexpression){X}

    Description: Matches any string that contains exactly X occurrences of the preceding subexpression.

    Example: /ca{1}t/ will match cat and will not match caaat etc. /\d{4}/ will match 1000 but will not match 20, 334.


 

7.2) Sample Regular Expressions

1) Simple email regex: matches a string that starts with a letter, has '@' in between followed by some characters, and ends with .com.

/^[a-zA-Z].*@.+\.com$/


This will match abc@company.com, but not 1bc@company.com, aa@.com, abc@companycom etc.

2) Match cn of eDirectory:

It starts with letter or number, then can have = then some letters/numbers then, again same sequence of things, but should not end with = or.

/^(\w+=\w+,)*\w+=\w+$/


3) Match a role that ends with NetIQ. For example, it should match AdminNetIQ but not adminAmazon.

/^\w+NetIQ$/



Refer to section 6.4 to learn how regular expressions can be used in JavaScript functions.

More examples can be found at:

https://www.netiq.com/documentation/access-manager-42/admin/data/b1caobu1.html#b1hyr3iw
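Anchors, escaped dots and grouping decide which attribute values a pattern lets through, as this added example shows (it is not code from the original article or from Access Manager). It goes beyond the samples above by running a loose and a strict pattern over the same input; the helper selectMatching, the loose patterns and all sample values are constructed for illustration.

```javascript
// Added example: helper name, loose patterns and sample values are constructed.

// Return the values (single string or array) that the pattern accepts.
function selectMatching(values, pattern) {
  var list = (values instanceof Array) ? values : [values];
  var out = [];
  for (var i = 0; i < list.length; i++) {
    if (typeof list[i] === 'string' && pattern.test(list[i])) {
      out.push(list[i]);
    }
  }
  return out;
}

// 1) Mail addresses of one domain.
var mails = ['bob@netiq.com', 'bob@netiq.com.example.org',
             'bob@netiqXcom', 'Bob@NetIQ.com'];
var looseMail = /@netiq.com/;                     // unescaped dot, no anchors
var strictMail = /^[a-zA-Z][\w.]*@netiq\.com$/i;  // literal dot, anchored

// 2) Roles that end with NetIQ.
var roles = ['AdminNetIQ', 'NetIQ', 'AdminNetIQ,ou=guests', 'adminAmazon'];
var looseRole = /NetIQ/;       // matches NetIQ anywhere in the value
var strictRole = /^\w+NetIQ$/; // whole value: word characters, then NetIQ

// 3) name=value pairs separated by commas.
var dns = ['cn=bob,ou=users,o=netiq', 'cn=bob,', 'cn=', '=,='];
var classDn = /^[\w+=\w+,]*[\w+=\w+]$/; // [] is a set of single characters
var groupDn = /^(\w+=\w+,)*\w+=\w+$/;   // () repeats the whole sequence

console.log('mail  loose :', selectMatching(mails, looseMail));
console.log('mail  strict:', selectMatching(mails, strictMail));
console.log('role  loose :', selectMatching(roles, looseRole));
console.log('role  strict:', selectMatching(roles, strictRole));
console.log('dn    class :', selectMatching(dns, classDn));
console.log('dn    group :', selectMatching(dns, groupDn));
```

Running candidate patterns against values that should be rejected, in the test tool of the user interface or in a script like this one, shows over-matching before a virtual attribute reaches a Service Provider.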

Comments
Great article!
Thanks Aleksandar!
Version history: Revision 2 of 2. Last update: 2020-03-05 17:21
 