Managing a Virtual Attribute

You can create, edit, or delete a virtual attribute.

NOTE:You cannot delete a virtual attribute that is being used by an attribute set. Before deleting a virtual attribute, ensure that it is not being used by a policy.

This section discusses the following topics:

Creating a Virtual Attribute

You can create a virtual attribute from an attribute source and from an external data source.

  1. Click Devices > Identity Server > Shared Settings > Virtual Attributes > Virtual Attribute.

  2. Click + to create a virtual attribute.

  3. Specify a name and description for the virtual attribute.

  4. Click Step 1: Provide input > parameters and specify the following details:

    Field

    Description

    Name

    Specify a name for the attribute. If you use advanced JavaScript option, specify the same name in Advanced JavaScript. The default value is P1.

    Parameter Value

    Select an attribute from the list. To specify additional values, click +.

    NOTE:If an attribute source returns a null or an empty value, the corresponding input parameter takes an empty string value.

    Show / Add Test Values?

    Click to display Test value. You can add, edit, and delete a test value.

  5. Click Step 2: Provide a modification function and specify the following details:

    • Select a function: Select a function. The corresponding JavaScript is displayed in Script. Expand the script to view. You can further customize these scripts and use them in Advanced JavaScript.

      The following table lists the pre-defined JavaScript functions with examples:

      Function

      Description

      Example: Pre-Defined Functions

      To UpperCase

      Converts the input value to upper case.This function works on arrays and single-valued input. It uses the toUpperCase() JavaScript function.

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If P1=alice, then the result displays ALICE.

      To LowerCase

      Converts the input value to lower case.This function works on arrays and single-valued input. It uses the toLowerCase() JavaScript function.

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If P1=ALICE, then the result displays alice.

      Remove Substring

      Removes a substring from all instances of the input value. This function does not remove a substring from the global option.This function works on arrays and single-valued input. It uses the following JavaScript function: split() and join()

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If P1=a@microfocus.com

      Remove=@microfocus, then the result is a.com.

      Find and Replace

      Finds and replaces a string from all instances of the input value.

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If P1=abcde

      Find=e

      Replace=a, then the result displays abcda

      Regex Replace

      Finds and replaces a substring from all instances of the input value by using a regular expression.

      For example, to search /, you must escape it first using \. Use the following syntax: /\//

      This function works on arrays and single-valued input. It uses the following JavaScript functions: replace()

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If P1=bob@novell.com

      Find=@novell.com

      Replace=@microfocus.com

      The result displays: bob@microfocus.com

      Find Subset by Regex

      Use this function if an input is multi-valued and you want a subset of values from it, satisfying a particular condition by using a regular expression.This function works on arrays and single-valued input. It uses the following JavaScript function: replace()

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If

      P1='’a@novell.com, b@novell.com,c @microfocus.com, d@microfocushr.com”

      regex= /microfocus/

      Then, the result displays:

      c@microfocus.com, d@microfocushr.com

      Concatenate Values in a Parameter

      Concatenates multiple values of a multi-valued input. You must add a separator between the values that you want to concatenate

      Works only on one input parameter that is selected in Step 1: Provide input parameters

      If P1=abc, def

      Separator=+

      Then, the result displays:

      abc+ def

      Concatenate Multiple Parameters

      Concatenates multiple input parameter values, where each input parameter can be multi-valued input. You must add a separator between the values that you want to concatenate

      If P1=abc, def

      and P2=123, 456

      Parameter Separator=+

      Multi value Separator=:

      Then, the result displays abc:def+123:456

      Advanced JavaScript

      Specify a customized JavaScript In this field. You need to create a JavaScript function with name “main” and specify the code in it. You can write your custom code or you can also copy the existing pre-defined code.You can also call multiple functions in the “main” function.

      See Sample JavaScripts with Examples.

      No Modification

      Use this function if you do not require any modification to the input parameters.

       

      IMPORTANT:

      • After JavaScript processing, if the output is a null value, the value of the virtual attribute is empty.

      • The pre-defined function can handle both single-valued and multi-valued inputs. If the input is multi-valued, the pre-defined function is applied on each values.

      Advanced JavaScript:

      Sample JavaScript:

      function main(P1, P2)
           {
                //some logic
                //you can call yourFunction(name) and use its return value
                return some value;
           }
           function yourFunction(name)
           {
                //some code
               //return some value;
           }

      For advanced JavaScript, the input parameter name in the main function of the JavaScript must match the input parameter name specified in Step 1: Provide input parameters. The return value can be a single value or an array.

      When the input is multi-valued, it is sent as an array to the main function.

      When Identity Server computes the value of a virtual attribute, it calls a function named main that is available in the script provided for it. The value (single value or array) returned by main is the value of the virtual attribute.

      For example: Consider a scenario where P1 contains bmw and nissan, you can use the JavaScript instanceof function to check if the input is single-valued or multi-valued. If it is multi-valued, then JavaScript iterates over the values P1=['bmw', 'nissan']

      function main (P1){
        if( P1 instanceof Array) {
          var a =P1[0]    //will assign 'bmw' value to variable a
          //do something
        }
      else{
       // if the P1 is single value not a array
      //do something
      }
      }

      The following code checks if an input parameter is empty, contains a value, or undefined:

      function main(P1){
        if(hasNoValue(P1))
          // do something
             return something;        
      }
      function hasNoValue(P1){
         if(P1 == null || (typeof P1 == 'undefined') || P1.trim().length == 0)
              return true;
         else 
              return false;
      }
    • Base64 Encode: (Conditional) Select this if you want to encode the modified attribute with Base64.

    • Test: Click this to test the input values based on the modification function. To test multi-valued inputs, click the + icon.

      For example, if an attribute mail has two values: abc@example.com and def@example.com, click the + icon twice. In each field, add the values separately.

      The test result displays the status with the test results. You can view the error logs at the following location:

      /opt/novell/nam/adminconsole/logs/catalina.out

  6. Click OK and update Identity Server.

Editing a Virtual Attribute

  1. Click Devices > Identity Server > Shared Settings > Virtual Attributes.

  2. Click the virtual attribute you want to modify.

  3. On the Edit Virtual Attribute page, modify the details as required.

    For more information about the fields on this page, see Creating a Virtual Attribute.

  4. Click OK and update Identity Server.

IMPORTANT:You must update Identity Server each time you edit the properties of a virtual attribute.