Netscaler expression function challenge - citrix

Trying to check if a SAML attribute contains a role retrieved from a stringmap (the attribute contains a comma separated list of roles):
HTTP.REQ.USER.ATTRIBUTE(5).CONTAINS(HTTP.REQ.URL.QUERY.VALUE("pageid").MAP_STRING("UrlProtection"))
Unfortunately Netscaler complains: Only constant parameters are allowed for function ["pageid").MAP_STRING, 72]
Any ideas how to get around this?

if you are checking for specific group from list of groups extracted for user, you can do so using...
-searchFilter "memberOf=CN=VPNAllowed,OU=support,DC=citrix,DC=com"
-groupAttrName memberOf
For detail explanation, see
http://support.citrix.com/article/CTX111079

Related

Why is this empty?

Please does anyone know why this:
SELECT to_tsvector('an');
returns nothing but
SELECT to_tsvector('nn');
or
SELECT to_tsvector('n');
or
SELECT to_tsvector('aa');
do?
I am testing this on PostgreSQL 13 running on SUPABASE.
Thanks
Because "an" is a stop word in your current setup (probably English, the default).
From the documentation
The to_tsvector function internally calls a parser which breaks the document text into tokens and assigns a type to each token. For each token, a list of dictionaries (Section 12.6) is consulted, where the list can vary depending on the token type.
And (emphasis mine)...
Some words are recognized as stop words (Section 12.6.1), which causes them to be ignored since they occur too frequently to be useful in searching.

Azure APIM Policy Editor

I would very much like to be able to set Azure API Policy attributes based on a User's Jwt Claims data. I have been able to set string values for things like the counter-key and increment-condition but I can't set all attributes. I imagined doing something like the following:
<rate-limit-by-key
calls="#((int) context.Variables["IdentityToken"].AsJwt().Claims.GetValueOrDefault("/LimitRate/Limit", "5"))"
renewal-period="#((int) context.Variables["IdentityToken"].AsJwt().Claims.GetValueOrDefault("/LimitRate/Duration/InSeconds", "60"))"
counter-key="#((string)context.Variables["Subject"])"
increment-condition="#(context.Response.StatusCode == 200)"
/>
However there seems to be some validation happening when I save the policy as I get the following error:
Error in element 'rate-limit-by-key' on line 98, column 10: The 'calls' attribute is invalid - The value '#((int) context.Variables["IdentityToken"].AsJwt().Claims.GetValueOrDefault("/LimitRate/Limit", "5"))' is invalid according to its datatype 'http://www.w3.org/2001/XMLSchema:int' - The string '#((int) context.Variables["IdentityToken"].AsJwt().Claims.GetValueOrDefault("/LimitRate/Limit", "5"))' is not a valid Int32 value.
I even have trouble setting a string parameter (albeit one with a strict format)
<quota-by-key
calls="10"
bandwidth="100"
renewal-period="#((string) context.Variables["IdentityToken"].AsJwt().Claims.GetValueOrDefault("/Quota/RenewalPeriod", "P00Y00M01DT00H00M00S"))"
counter-key="#((string)context.Variables["Subject"])"
/>
Which gives the following when I try and save the policy:
Error in element 'quota-by-key' on line 99, column 6: #((string) context.Variables["IdentityToken"].AsJwt().Claims.GetValueOrDefault("/Quota/RenewalPeriod", "P00Y00M01DT00H00M00S")) is not in a valid format. Provide number of seconds or use 'PxYxMxDTxHxMxS' format where 'x' is a number.
I have tried a large set of variations casting, Convert.ToInt32, claims that are not strings, #{return 5}, #(5) etc but there seems to be some validation happening at save time that is stopping it.
Is there away around this issue as I think it would be a useful feature to add to my API?
calls attribute on rate-limit-by-key and quota-by-key does not support policy expressions. Internal limitations block us from treating it on per-request basis unfortunately. The best you can do is categorize requests into a few finite groups and apply rate limit/quota conditionally using choose policy.
Or try using increment-count attribute to control by how much counter is increased per each request.

AEM CQ5 Query Builder: How to get result by searching for 2 different values in same property?

I want to get result matches with all nodes contains property 'abc' value as 'xyz' or 'pqr'.
I am trying in below ways:
http://localhost:4502/bin/querybuilder.json?path=/content/campaigns/asd&property=abc&property.1_value=/%xyz/%&property.2_value=/%pqr/%property.operation=like&p.limit=-1&orderby:path
http://localhost:4502/bin/querybuilder.json?path=/content/campaigns/asd&property=abc&property.1_value=/%xyz/%&property.2_value=/%pqr/%&property.1_operation=like&property.2_operation=like&p.limit=-1&orderby:path
http://localhost:4502/bin/querybuilder.json?path=/content/campaigns/asd&1_property=abc&1_property.1_value=/%xyz/%&1_property.1_operation=like&2_property=abc&1_property.1_value=/%xyz/%&2_property.1_operation=like&p.limit=-1&orderby:path
But none of them served my purpose. Any thing that I am missing in this?
The query looks right and as such should work. However if it is just xyz or pqr you would like to match in the query, you may not need the / in the values.
For eg.
path=/content/campaigns/asd
path.self=true //In order to include the current path as well for searching
property=abc
property.1_value=%xyz%
property.2_value=%abc%
property.operation=like
p.limit=-1
Possible things which you can check
Check if the path that you are trying to search contains the desired nodes/properties.
Check if the property name that you are using is right.
If you want to match exact values, you can avoid using the like operator and remove the wild cards from the values.
You can actually use the 'OR' operator in your query to combine two or more values of a property.
For example in the query debug interface : http:///libs/cq/search/content/querydebug.html
path=/content/campaigns/asd
property=PROPERTY1
property.1_value=VALUE1
property.2_value=VALUE2
property.operation=OR
p.limit=-1
It worked with below query:
http://localhost:4502/bin/querybuilder.json?orderby=path
&p.limit=-1
&path=/content/campaigns
&property=jcr:content/par/nodeName/xyz
&property.1_value=pqr
&property.2_value=%abc%
&property.operation=like
&type=cq:Page
Note: property name should be fully specified form the type of node we are expecting.
Ex: jcr:content/par/nodeName/xyz above instead of just xyz

Retrieving an RDN from an Active Directory User Object

Is it possible to retrieve the RDN of a user object in Active Directory with the attribute intact.
I've done a lot of reading on this and found that an AD user object stores the RDN in an property called "name". Supposedly the value of the name (rdn) property should be something like name = "cn=Smith, Joe". The cn attribute is part of what should be returned. However whenever I retrieve the name property of an object the "cn=" always seems to be missing. For instance
$foo = get-aduser -filter 'Name -like "Smith, Joe"'
$foo.name
will return "Smith, Joe" not "cn=Smith, Joe". Is there someway to query and get the full RDN to return?
An alternative, is to grab the full DN of the object, split the DN, and display the first element in the resulting array, which will be the RDN, either CN= or otherwise, object dependent
$((foo.distinguishedname).split(","))[0]
Not really an answer but informations :
First the attributeId of the RDN attribute is fixed by the schema :
On the RDN point of view Active-Directory inherit from X500 standard. That is to say that you don't choose the attribute you want to create the RDN (in other LDAP directories you can). In Active-Directory the RDN attribute is given in the class schema by rDNAttID, it specifies the attributeId of the RDN attribute. If you look the schema for the class user it's CN.
So you can use :
"CN=$((get-aduser 'Smith, Joe').Name)"
Second do the following experiment :
In an OU create a user called 'Mananegement' you have the following DN CN=MAnagement,OU=MyOU,... now try to create, in the same OU, an OU named 'Mananegement' it should create an object with the following DN OU=MAnagement,OU=MyOU,..., but you receive an error. This error makes me beleive that somehow Active-Directory consider 'Mananegement' as the RDN and not 'CN=Mananegement' like others directories.
$current.Substring($current.IndexOf('OU='))

What are the rules for a valid variable name in mirth?

I am trying to set up a transformer on a Database Reader to file writer channel. I am reading in a sql field called MRN which I would like to send to a variable called mrn. I added a step to a channel with a variable called tmp['MSH'] mapping to a variable called msg['MSH'] But mirth is giving me the error message:
The variable name contains invalid characters. Please enter a new variable name
What are the rules for a valid variable name in mirth?
tmp and msg are two built-in variables containing E4X mappings of the outbound template and inbound message, respectively. You would map, via a MessageBuilder step, from inbound to outbound with tmp['MSH'][...] = msg['MSH']... where ... refers to the appropriate sections. Essentially these are pre-populated javascript property arrays.
If you really want to create a variable for use in multiple places, the rules are alphanumeric plus '_', I believe.
In a MessageBuilder step, you could refer to a previously created variable with ${varname}.
I would recommend investing a little time in getting familiar with the basics. Documentation is wanting, to be sure, but this blog post series are a good place to start.