You can create, edit, or delete a virtual attribute.
NOTE:You cannot delete a virtual attribute that is being used by an attribute set. Before deleting a virtual attribute, ensure that it is not being used by a policy.
This section discusses the following topics:
You can create a virtual attribute from an attribute source and from an external data source.
Click Devices > Identity Server > Shared Settings > Virtual Attributes > Virtual Attribute.
Click + to create a virtual attribute.
Specify a name and description for the virtual attribute.
Click Step 1: Provide input > parameters and specify the following details:
|
Field |
Description |
|---|---|
|
Name |
Specify a name for the attribute. If you use advanced JavaScript option, specify the same name in Advanced JavaScript. The default value is P1. |
|
Parameter Value |
Select an attribute from the list. To specify additional values, click +. NOTE:If an attribute source returns a null or an empty value, the corresponding input parameter takes an empty string value. |
|
Show / Add Test Values? |
Click to display Test value. You can add, edit, and delete a test value. |
Click Step 2: Provide a modification function and specify the following details:
Select a function: Select a function. The corresponding JavaScript is displayed in Script. Expand the script to view. You can further customize these scripts and use them in Advanced JavaScript.
The following table lists the pre-defined JavaScript functions with examples:
|
Function |
Description |
Example: Pre-Defined Functions |
|---|---|---|
|
To UpperCase |
Converts the input value to upper case.This function works on arrays and single-valued input. It uses the toUpperCase() JavaScript function. Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1=alice, then the result displays ALICE. |
|
To LowerCase |
Converts the input value to lower case.This function works on arrays and single-valued input. It uses the toLowerCase() JavaScript function. Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1=ALICE, then the result displays alice. |
|
Remove Substring |
Removes a substring from all instances of the input value. This function does not remove a substring from the global option.This function works on arrays and single-valued input. It uses the following JavaScript function: split() and join() Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1=a@microfocus.com Remove=@microfocus, then the result is a.com. |
|
Find and Replace |
Finds and replaces a string from all instances of the input value. Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1=abcde Find=e Replace=a, then the result displays abcda |
|
Regex Replace |
Finds and replaces a substring from all instances of the input value by using a regular expression. For example, to search /, you must escape it first using \. Use the following syntax: /\// This function works on arrays and single-valued input. It uses the following JavaScript functions: replace() Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1=bob@novell.com Find=@novell.com Replace=@microfocus.com The result displays: bob@microfocus.com |
|
Find Subset by Regex |
Use this function if an input is multi-valued and you want a subset of values from it, satisfying a particular condition by using a regular expression.This function works on arrays and single-valued input. It uses the following JavaScript function: replace() Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1='’a@novell.com, b@novell.com,c @microfocus.com, d@microfocushr.com” regex= /microfocus/ Then, the result displays: c@microfocus.com, d@microfocushr.com |
|
Concatenate Values in a Parameter |
Concatenates multiple values of a multi-valued input. You must add a separator between the values that you want to concatenate Works only on one input parameter that is selected in Step 1: Provide input parameters |
If P1=abc, def Separator=+ Then, the result displays: abc+ def |
|
Concatenate Multiple Parameters |
Concatenates multiple input parameter values, where each input parameter can be multi-valued input. You must add a separator between the values that you want to concatenate |
If P1=abc, def and P2=123, 456 Parameter Separator=+ Multi value Separator=: Then, the result displays abc:def+123:456 |
|
Advanced JavaScript |
Specify a customized JavaScript In this field. You need to create a JavaScript function with name “main” and specify the code in it. You can write your custom code or you can also copy the existing pre-defined code.You can also call multiple functions in the “main” function. |
|
|
No Modification |
Use this function if you do not require any modification to the input parameters. |
|
IMPORTANT:
After JavaScript processing, if the output is a null value, the value of the virtual attribute is empty.
The pre-defined function can handle both single-valued and multi-valued inputs. If the input is multi-valued, the pre-defined function is applied on each values.
Advanced JavaScript:
Sample JavaScript:
function main(P1, P2)
{
//some logic
//you can call yourFunction(name) and use its return value
return some value;
}
function yourFunction(name)
{
//some code
//return some value;
}
For advanced JavaScript, the input parameter name in the main function of the JavaScript must match the input parameter name specified in Step 1: Provide input parameters. The return value can be a single value or an array.
When the input is multi-valued, it is sent as an array to the main function.
When Identity Server computes the value of a virtual attribute, it calls a function named main that is available in the script provided for it. The value (single value or array) returned by main is the value of the virtual attribute.
For example: Consider a scenario where P1 contains bmw and nissan, you can use the JavaScript instanceof function to check if the input is single-valued or multi-valued. If it is multi-valued, then JavaScript iterates over the values P1=['bmw', 'nissan']
function main (P1){
if( P1 instanceof Array) {
var a =P1[0] //will assign 'bmw' value to variable a
//do something
}
else{
// if the P1 is single value not a array
//do something
}
}
The following code checks if an input parameter is empty, contains a value, or undefined:
function main(P1){
if(hasNoValue(P1))
// do something
return something;
}
function hasNoValue(P1){
if(P1 == null || (typeof P1 == 'undefined') || P1.trim().length == 0)
return true;
else
return false;
}Base64 Encode: (Conditional) Select this if you want to encode the modified attribute with Base64.
Test: Click this to test the input values based on the modification function. To test multi-valued inputs, click the + icon.
For example, if an attribute mail has two values: abc@example.com and def@example.com, click the + icon twice. In each field, add the values separately.
The test result displays the status with the test results. You can view the error logs at the following location:
/opt/novell/nam/adminconsole/logs/catalina.out
Click OK and update Identity Server.
Click Devices > Identity Server > Shared Settings > Virtual Attributes.
Click the virtual attribute you want to modify.
On the Edit Virtual Attribute page, modify the details as required.
For more information about the fields on this page, see Creating a Virtual Attribute.
Click OK and update Identity Server.
IMPORTANT:You must update Identity Server each time you edit the properties of a virtual attribute.