WS-FED: Mult-Valued Attribute sent as Custom Attribute Statement

I have 2 issues here:

  1. I have a Custom Attribute Statement (…ws/2016/identity/claims/location). The locations are set up as GUIDs, for example: db141fe0-db76-46c8-9e63-2501d5fd444b is Location 1 and cdc23c8b-9ca9-4f22-92aa-d1525a83718c is Location 2.

If I enter a single location …ws/2016/identity/claims/location|db141fe0-db76-46c8-9e63-2501d5fd444b| it works.

If I enter 2 or more locations …ws/2016/identity/claims/location|db141fe0-db76-46c8-9e63-2501d5fd444b;cdc23c8b-9ca9-4f22-92aa-d1525a83718c| it does not work, and actually won’t even let me save it, it just does nothing.

  1. Once the first part is set up, I also need to be able to call a Custom Attribute that I created in the app profile associated. I have the string created but, I am unable to pull it into the Custom Attribute Statement. I tried: …ws/2016/identity/claims/location|${appuser.TLOC}| but, I get an error.

I also have a case open with OKTA but, if anyone has any idea of what to do I would be very appreciative.

Thank you,

It was determined that there is a limit on how much can be sent over and since the GUIDs are so long it would truncate and error. According to support there is currently no way to add more characters.