Dynamic Custom Attributes

reynaldo.nunez · January 10, 2019, 2:15pm

We are in the process of implementing multi tenant using Federated Authentication. In order to filter the specific access to the Tenants Group Members we are using Custom Attributes in combination with data cubes and a security hierarchy. The concept works properly when the custom attribute is manually set at the group members custom attribute value section.

I’ll like to know what will be the best approach to “dynamically” initialize the value of the custom attribute at the time of doing the login. I want to clarify that we are using the federated authentication by specifying the uthBridge/Auth/ExternalAuth?providerId via URL. So if there is a way to initialize the custom attribute using query strings that’ll be the best option.

Thanks

robs · January 10, 2019, 6:13pm

Hi Reynaldo,

You can’t do it using the query string, but as of v6.0, you can map claim values sent back by your identity provider back to custom attributes. See the new CustomAttributeClaimTypeMapping property which you can specify on your provider in the federation manifest. (https://www.dundas.com/support/learning/documentation/administration-configuration-customization/enabling-federated-authentication#h2-federated-authentication-manifest)

reynaldo.nunez · January 10, 2019, 6:31pm

Thanks Rob. Is there a security concern when doing it through the query string? Your suggestion of doing it using the Manifest CustomAttributeClaimTypeMapping is good, but when dealing with multi tenants, the values at the user level could change. That’s why we need to build the string dynamically.

How do you set the custom attribute value using query strings?

Thanks

robs · January 10, 2019, 8:05pm

Reynaldo - it’s not a matter of security - it’s just not possible to do it through the query string.

Even if you’re dealing with multiple tenants, as long as your identity provider is aware of this, you should still be able to specify the mapping in the manifest. Keep in mind that the manifest is telling Dundas which claims (from the identity provider) should be used as the values for custom attributes; it’s not specifying the actual values of those attributes (those should come from the identity provider).

reynaldo.nunez · January 11, 2019, 12:14pm

Thanks a lot Rob. Your feedback helps!