matt4 Trusted Contributor.
Trusted Contributor.
485 views

Crafting a redirect URL using attribute data

This may sound like an odd request, but I'm trying to see if there is a way I can use variable data, like LDAP attributes or Virtual attributes, within a Redirect URL in an Auth policy, almost like a macro?

I want to craft some "smart" links to redirect users to various Office 365 services, but the problem is I have 60+ domains to deal with. The Microsoft smart links have the domain as a component.

For example, if I want to send a user to Outlook Web Access, bypassing the "Select an Account Page", I use a smart link like this:

https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=mydomainhere.com&wreply=https://outlook.office365.com/owa/


Where "mydomainhere.com" is replaced with the user's federated domain in Office 365.

What I'd like to do is grab it off the user's UPN or mail attribute and "craft" the URL on the fly in a policy.

Any ideas how I could do something like that right in NAM?

Thanks.

Matt
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Crafting a redirect URL using attribute data

On 13-04-2019 2:56 AM, matt wrote:
>
> This may sound like an odd request, but I'm trying to see if there is a
> way I can use variable data, like LDAP attributes or Virtual attributes,
> within a Redirect URL in an Auth policy, almost like a macro?
>
> I want to craft some "smart" links to redirect users to various Office
> 365 services, but the problem is I have 60+ domains to deal with. The
> Microsoft smart links have the domain as a component.
>
> For example, if I want to send a user to Outlook Web Access, bypassing
> the "Select an Account Page", I use a smart link like this:
>
>
> Code:
> --------------------
> https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=*mydomainhere.com*&wreply=https://outlook.office365.com/owa/
> --------------------
>
>
> Where "mydomainhere.com" is replaced with the user's federated domain in
> Office 365.
>
> What I'd like to do is grab it off the user's UPN or mail attribute and
> "craft" the URL on the fly in a policy.
>
> Any ideas how I could do something like that right in NAM?


I don't think you can do this out of the box but I reckon you could might be able to do this with a custom JSP but i'm not sure where this would fit
in in your solution tho and if you could call this page somewhere.

The only challenge is that I'm not sure how you would read the virtual attributes from the JSP.


--
Cheers,
Edward
0 Likes
oimastek
New Member.

Re: Crafting a redirect URL using attribute data

Hello Matt,

Not sure if you've already sorted this, but we used sendRedirect method in Custom Authentication Class to redirect dynamically. You can also do the same in Login Page JSP.

IN JSP
if (handler.isAuthenticatedSession()) {
String redirectURL = "https://toSomeUrl";
response.sendRedirect(redirectURL);
}

Or in Auth Class there is an m_Response object coming from the LocalAuthClass inherited
m_Response.sendRedirect("https://toSomeUrl");

Hope this helps.
0 Likes
matt4 Trusted Contributor.
Trusted Contributor.

Re: Crafting a redirect URL using attribute data

oimastek;2499408 wrote:
Hello Matt,

Not sure if you've already sorted this, but we used sendRedirect method in Custom Authentication Class to redirect dynamically. You can also do the same in Login Page JSP.

IN JSP
if (handler.isAuthenticatedSession()) {
String redirectURL = "https://toSomeUrl";
response.sendRedirect(redirectURL);
}

Or in Auth Class there is an m_Response object coming from the LocalAuthClass inherited
m_Response.sendRedirect("https://toSomeUrl");

Hope this helps.


Thanks, but in the JSP, how do I get the user's UPN from LDAP so I can craft the redirect?

With a Custom Auth class, is that something I could build and just add as an additional auth method then? I don't have experience building a custom auth class though, so I'm not sure how hard that would be to do.

Matt
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.