Fact

PhenixID Identity Provisioning 4.1.1 or later

Situation

Use actions that filters which session objects that matches a condition filter. For example Run Action and Run Policy.

Solution

Single Filter Type

The single filter type can only be used to compare a single attribute with a value.

Filter	Description
attribute=value	The attribute must have the exact value ‘value’
attribute=*value	The attribute must have a value that ends with ‘value’
attribute=value*	The attribute must have a value that starts with ‘value’
attribute=value	The attribute must have a value that contains ‘value’
attribute=*	The attribute must exist and have any value

All the above filters can also be used with the opposite comparison.

Filter	Description
(!(attribute=value))	The attribute may not have the exact value ‘value’
(!(attribute=*value))	The attribute may not have a value that ends with ‘value’
(!(attribute=value*))	The attribute may not have a value that starts with ‘value’
(!(attribute=value))	The attribute may not have a value that contains ‘value’
(!(attribute=*))	The attribute may not contain any value

Multiple Filter Type

The multiple filter type can be used to when a more complex filter is desired. In this filter you can use multiple attributes and combine then with AND and OR logic.

The comparison sign allowed are == (equals) and != (not equal). The * (star) can be used in the value section of the comparison in the same way as described above in the singel filter type, to achieve the comparisons starts with, ends with, contains and contains any value.

Each pair of attribute name and value must be surrounded by parenthesis. The value between the comparison sign and the parenthesis is the value used for comparison, including any initial or final spaces.

Each attribute comparison can be combined with another attribute comparison using && (and) and || (or).

Examples

Example 1

(firstname==Sam)

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ with the value ‘Sam’.

Example 2

(firstname==Sam)&&(lastname==Smith)

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ with the value ‘Sam’ and a session attribute named ‘lastname’ with the value ‘Smith’.

Example 3

((firstname==Sam)&&(lastname==Smith))||((firstname==Mary)&&(lastname==Johnson))

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ with the value ‘Sam’ and a session attribute named ‘lastname’ with the value ‘Smith’. The filter will also be TRUE for all session objects containing a session attribute named ‘firstname’ with the value ‘Mary’ and a session attribute named ‘lastname’ with the value ‘Johnson’.

Example 4

(firstname==Sam)&&(lastname==Smith)&&(city!=London)

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ with the value ‘Sam’ and a session attribute named ‘lastname’ with the value ‘Smith’ but the session object must not contain a session attribute named ‘city’ with the value ‘London’.

Example 5

(firstname==Sam*)||(firstname==Mary*)

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ with the value starting with ‘Sam’ or starting with ‘Mary’.

Example 6

(firstname==*)

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ containing any value.

Example 7

(firstname!=*)

The filter will be TRUE for all session objects containing a session attribute named ‘firstname’ with no value and all session objects not containing any session attribute named ‘firstname’.

DISCLAIMER

Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se