Ping Identity PingAuthorize Server - Regex Replace Attributes Advice

PingAuthorize Server Documentation Index
Configuration Reference Home

Regex Replace Attributes Advice

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

Advice that allows a policy writer to search for attributes of a request or response using a regular expression, and replace them with a new value.

The payload for this advice is either a JSON object or an array of JSON objects. Each object represents a single replacement operation, and has up to four keys: "regex", "replace", "path", and "flags". Only "regex" and "replace" are required.

"regex" represents the regular expression used to find attribute values to be replaced, while "replace" represents the regex replacement string used to replace the attribute values with a new value. Optionally, "path" is a JSONPath representing the node(s) to start searching under, and "flags" is a string containing the regex flags to be used. Recognized flags are "i" for case-insensitive matching, "l" to interpret the "regex" value as a literal string, and "c" to perform "canonical equivalence" matching.

Any portion of the attribute value that matches the regular expression provided in the "regex" field is replaced in accordance with the provided replacement string. If multiple substrings within the attribute value match the regular expression, all occurrences will be replaced. The regular expression and replacement string must be valid as described in the API documentation for the java.util.regex.Pattern class, including support for capture groups.

For example, given a body of { "id": 5, "username": "jsmith", "description": "Has a registered ID number of '123-45-6789'.", "secrets": { "description": "Has an SSN of '987-65-4321." } } and a payload of {"path": "$.secrets", "regex": "(\\d{3}-\\d{2})-\\d{4}", "replace": "$1-XXXX"} the resulting body will be { "id": 5, "username": "jsmith", "description": "Has a registered ID number of '123-45-6789'.", "secrets": { "description": "Has an SSN of '987-65-XXXX." } }.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Regex Replace Attributes Advice component inherits from the Advice

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ advice-id	None
↓ decision-type
↓ evaluation-order-index

Basic Properties

advice-id (Read-Only)

Description	A unique identifier for the advice type. This ID must match the "code" string returned from a policy decision request.
Default Value	regex-replace-attributes
Allowed Values	A string
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

decision-type (Read-Only)

Description	A value indicating to what type of decisions this advice should be applied.
Default Value	PERMIT
Allowed Values	PERMIT - Only applied to PERMIT decisions. DENY - Only applied to DENY decisions.
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

evaluation-order-index (Read-Only)

Description	If multiple Regex Replace Attributes Advice are returned from a single policy request, then this property governs the order in which the Regex Replace Attributes Advice will be processed by the Policy Enforcement Point. Obligatory Regex Replace Attributes Advice are processed first. Within the set of obligatory or non-obligatory Regex Replace Attributes Advice, those with a smaller evaluation-order-index will be evaluated first. If multiple Regex Replace Attributes Advice have the same evaluation-order-index, then their order of evaluation is indeterminate.
Default Value	50
Allowed Values	An integer value. Lower limit is 0.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Advice:

dsconfig list-advice
     [--property {propertyName}] ...

To view the configuration for an existing Advice:

dsconfig get-advice-prop
     --advice-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Advice:

dsconfig set-advice-prop
     --advice-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...