Forum Discussion
Kevin_Stewart
Oct 08, 2015Employee
I did indeed forget about that scenario. 😉 What I've found in testing though is that an empty attribute value will not create an AttributeValue tag at all. Example
which of course throws off the list. I've added a counter and some modulus math to the above to account for this possibility:
when ACCESS_POLICY_COMPLETED {
grab the entire AttributeStatements section
set attr_statement [findstr [ACCESS::session data get session.saml.last.assertion] "" 26 ""]
create an empty list
set attr_list [list]
start counter
set ctr 0
split the attributes and loop through them
foreach x [split $attr_statement "<"] {
if { $x starts_with "saml2:Attribute Name=" } {
found an attribute name - check counter to see if counter mod 2 == 0
if { [expr $ctr % 2] != 0 } {
previous attribute had no value - add a null to the list
lappend attr_list null
increment the counter
incr ctr
}
lappend attr_list [findstr $x "saml2:Attribute Name=\"" 22 "\""]
increment the counter
incr ctr
} elseif { $x starts_with "saml2:AttributeValue>" } {
found an attribute value - add it to the list
lappend attr_list [findstr $x "saml2:AttributeValue>" 21 "<"]
increment the counter
incr ctr
}
}
if the last counter value is not even (counter mod 2 != 0) then the last item in the list had no value - add one more null value to the list
if { [expr $ctr % 2] != 0 } {
lappend attr_list null
}
result is a list. Ex. [name1 value1 name2 value2 name3 value3]
log local0. $attr_list
}