WS-FED: Mult-Valued Attribute sent as Custom Attribute Statement


I have 2 issues here:

  1. I have a Custom Attribute Statement (…ws/2016/identity/claims/location). The locations are set up as GUIDs, for example: db141fe0-db76-46c8-9e63-2501d5fd444b is Location 1 and cdc23c8b-9ca9-4f22-92aa-d1525a83718c is Location 2.

If I enter a single location …ws/2016/identity/claims/location|db141fe0-db76-46c8-9e63-2501d5fd444b| it works.

If I enter 2 or more locations …ws/2016/identity/claims/location|db141fe0-db76-46c8-9e63-2501d5fd444b;cdc23c8b-9ca9-4f22-92aa-d1525a83718c| it does not work, and actually won’t even let me save it, it just does nothing.

  1. Once the first part is set up, I also need to be able to call a Custom Attribute that I created in the app profile associated. I have the string created but, I am unable to pull it into the Custom Attribute Statement. I tried: …ws/2016/identity/claims/location|${appuser.TLOC}| but, I get an error.

I also have a case open with OKTA but, if anyone has any idea of what to do I would be very appreciative.

Thank you,