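I have an IP-STS that issues a claim containing an ampersand (&). Using AD FS on the claims provider trust, I can't seem to transform it. If I remove the ampersand from the claim, it transforms correctly.
What is the correct syntax for transforming the claim?
Claim content: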
<saml:Attribute AttributeName="facid" AttributeNamespace="http://esat.to/identity/claims/fwltc">
<saml:AttributeValue>Foo's Pharmacy & Rehab (555-123-4567)</saml:AttributeValue>
</saml:Attribute>
Transform rule (does not match):
c:[Type == "http://esat.to/identity/claims/fwltc/facid", Value == "Foo's Pharmacy & Rehab (555-123-4567)"]
=> issue(Type = "http://esat.to/identity/claims/fwltc/facid", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = "FOO", ValueType = c.ValueType);
Transform rule #2 (also does not match):
c:[Type == "http://esat.to/identity/claims/fwltc/facid", Value == "Foo's Pharmacy & Rehab (555-123-4567)"]
=> issue(Type = "http://esat.to/identity/claims/fwltc/facid", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = "FOO", ValueType = c.ValueType);
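Answer 1
For some reason, the ampersand prevents AD FS from matching. If you use the UI to generate the transform, you will see that AD FS generates a regular expression match: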
c:[Type == "http://esat.to/identity/claims/fwltc/facid", Value =~ "^(?i)Foo's\ Pharmacy\ &\ Rehab\ \(555-123-4567\)$"]
=> issue(Type = "http://esat.to/identity/claims/fwltc/facid", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = "FOO", ValueType = c.ValueType);
This produces the same effect, but avoids the problem of matching the "&" symbol.
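
An added example, not part of the answer above: one way to build the same kind of anchored, escaped `=~` condition from a literal claim value and check it locally with the .NET regex engine before pasting it into a rule. `New-ClaimRegexCondition` is a hypothetical helper name, not an AD FS cmdlet, and the "extra text" test value is constructed.

```powershell
# Added example. New-ClaimRegexCondition is a hypothetical helper, not an AD FS cmdlet.
function New-ClaimRegexCondition {
    param(
        [Parameter(Mandatory)] [string] $ClaimType,
        [Parameter(Mandatory)] [string] $LiteralValue
    )
    # Quoting of '"' inside rule string literals is not covered on this page,
    # so refuse such values instead of guessing an escape.
    if ($LiteralValue.Contains('"')) {
        throw 'Value contains a double quote; build this rule by hand.'
    }
    # [regex]::Escape backslash-escapes regex metacharacters and white space.
    # ^ and $ anchor the pattern so only the whole value matches; (?i) ignores case.
    $pattern = '^(?i)' + [regex]::Escape($LiteralValue) + '$'
    [pscustomobject]@{
        Pattern   = $pattern
        Condition = 'c:[Type == "{0}", Value =~ "{1}"]' -f $ClaimType, $pattern
    }
}

$value = "Foo's Pharmacy & Rehab (555-123-4567)"   # claim value from the question
$rule  = New-ClaimRegexCondition -ClaimType 'http://esat.to/identity/claims/fwltc/facid' -LiteralValue $value
$rule.Condition

# Local check: which inputs does the generated pattern accept?
$checks = [ordered]@{
    'exact value'           = $value
    'different letter case' = $value.ToUpper()
    'value with extra text' = "$value (second site)"   # constructed
}
foreach ($name in $checks.Keys) {
    '{0,-24} {1}' -f $name, [regex]::IsMatch($checks[$name], $rule.Pattern)
}

# The raw literal used as a pattern: "(" and ")" become a capture group,
# so the parentheses that are part of the value itself are no longer matched.
'{0,-24} {1}' -f 'unescaped literal', [regex]::IsMatch($value, '^' + $value + '$')
```

Leaving off the `^` and `$` anchors would let any longer value that merely contains the string satisfy the condition, which matters when the rule decides what claim gets issued.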