Identity Provider - IdP - User Attribute Mapping - XPath substring-after


To manage roles, we created groups in our IdP starting with “Ignition-”

Is there a way in the IdP Attribute Mapping to use substring-after in the xpath so I can only manage Roles in ignition without “Ignition-”

Something like: substring-after(/saml2p:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name=‘Roles’]/saml2:AttributeValue/text(), “Ignition-”)

I don’t think there is a clean way to do what you are asking for right now using just XPath or Ignition expressions. You may need to pass the collection of role strings to a jython script using the runScript expression function to do the filtering / manipulating of each role string in the collection (this only works in 8.1.1+), otherwise look to see if the IdP will support filtering out / transforming roles on its end based on which application the user is coming from (Ignition in this case).

Thanks. Ignition and our IdP are brand new, and we found a solution on the IdP side