[KNOX-1078] Add option to preserve original string when lookup fails in regex based identity assertion provider - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 0.11.0
Fix Version/s: 0.14.0
Component/s: Server
Labels:
None

Flags:

Patch

Description

Currently the Regex identify-assertion supports 'lookup' feature. When the output matches any of the strings in the 'lookup' dictionary, it'll replace the string with the new value. If there's no match, it'll replace the original string with empty string.

            <provider>
            <role>identity-assertion</role>
            <name>Regex</name>
            <enabled>true</enabled>
            <param>
                <name>input</name>
                <value>(.*)@(.*?)\..*</value>
            </param>
            <param>
                <name>output</name>
                <value>{1}_{[2]}</value>
            </param>
            <param>
                <name>lookup</name>
                <value>us=USA;ca=CANADA</value>
            </param>
        </provider>

member@us.apache.org will be translated to /user/member_USA
member@ca.apache.org will be translated to /user/member_CANADA
member@uk.apache.org will be translated to /user/member_

This patch adds an optional field use.original.on.lookup.failure. If sets to true(defaults to false), it'll preserve the original string if there's no match. So after this patch,
member@uk.apache.org will be translated to /user/member_uk

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-RegexIdentityAssertionFilter-add-an-option-to-preser.patch
09/Oct/17 23:25
6 kB
Wei Han

Activity

People

Assignee:: Wei Han

Reporter:: Wei Han

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/Oct/17 23:35

Updated:: 28/Mar/19 14:07

Resolved:: 30/Oct/17 14:58