Application object

The Privileged Access Service creates a single Application object for each SAML user session. The object is an instance of the ReadOnlyDataEntity class and is read-only.

The Application object’s properties describe the SAML web application as it’s defined in the application profile. Create a SAML web application profile in the Admin Portal using the customSAML application template (described in Custom SAML applications).

A script accesses the object’s properties using the object’s single public function.

| Function Name | Description |
| --- | --- |
| Application.Get(property) | This function returns an Application object property. It takes as its argument a string that specifies the property to return. An example: Application.Get("Name") returns the name of the application as entered in the Application Settings tab. |

The Application.Get() function may take the following property names as an argument. Each argument returns a different application property. The property names are case-sensitive.

| Property Name | Description |
| --- | --- |
| _PartitionKey | The customer ID used to establish the user session. An example: BZ284. |
| _RowKey | The UUID (universally unique identifier) of the application. |
| Description | The text description of the web application entered in the description field of the Application Settings tab. |
| Icon | The graphic file used as the icon for this application as set in the Application Settings tab. |
| Issuer | The entity ID specified in the Issuer field of the Application Settings tab. Synonymous with the global variable Issuer. |
| Name | The name of the application as entered in the Application Settings tab. |
| SamlScript | The custom SAML script set in the Advanced tab. |
| TemplateName | The type of generic application template used to define this web application’s profile. Possible return values: Generic SAML; Generic User-Password. |
| Url | The contact URL specified in the URL field in the Application Settings tab. Synonymous with the global variable ServiceUrl. |
| UserName Strategy | The technique specified in the Application Settings tab to determine the user name (user identity) for a user session. Possible return values: ADAttribute (the Privileged Access Service sets the user name to the specified AD attribute of the current user; it queries the connector for the AD attribute and caches the user name so that it doesn’t have to query the connector for this user’s future sessions); Fixed (the Privileged Access Service sets the user name to the value entered in the Application Settings tab); UseScript (the Privileged Access Service executes the user map script to determine the user name). |
| WebAppType | The authentication function used by the web application. Possible return values: SAML; UsernamePassword. |
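Because the property names are case-sensitive, a script can guard its Application.Get() calls against mistyped names and confirm the profile type before using the values. The following is an added example, not code from the original page or from the product. The names KNOWN_PROPERTIES, SAMPLE_PROFILE, App, getAppProperty and checkSamlProfile are hypothetical, the stand-in object and its sample values (other than BZ284) are constructed so the block runs outside the service, and the stand-in assumes an unknown name yields no value rather than an error.

```javascript
// Property names documented for Application.Get(); they are case-sensitive.
var KNOWN_PROPERTIES = ["_PartitionKey", "_RowKey", "Description", "Icon",
  "Issuer", "Name", "SamlScript", "TemplateName", "Url",
  "UserName Strategy", "WebAppType"];

// Constructed stand-in so the example runs outside the service. Inside a SAML
// script the service-provided Application object is used instead.
var SAMPLE_PROFILE = { _PartitionKey: "BZ284", Name: "Example App",
  Issuer: "https://idp.example.com/constructed",
  TemplateName: "Generic SAML", WebAppType: "SAML" };
var App = (typeof Application !== "undefined") ? Application : {
  Get: function (property) {
    // Assumption: an unknown or mis-cased name yields no value, not an error.
    return SAMPLE_PROFILE.hasOwnProperty(property) ? SAMPLE_PROFILE[property] : null;
  }
};

// Hypothetical helper: reject undocumented names and flag case-only mistakes.
function getAppProperty(property) {
  if (KNOWN_PROPERTIES.indexOf(property) === -1) {
    var hint = "";
    for (var i = 0; i < KNOWN_PROPERTIES.length; i++) {
      if (KNOWN_PROPERTIES[i].toLowerCase() === String(property).toLowerCase()) {
        hint = " (did you mean \"" + KNOWN_PROPERTIES[i] + "\"?)";
      }
    }
    throw new Error("Unknown Application property: " + property + hint);
  }
  return App.Get(property);
}

// Hypothetical check: list the problems a script should stop on before it
// relies on the profile values.
function checkSamlProfile() {
  var problems = [];
  if (String(getAppProperty("WebAppType")) !== "SAML") problems.push("WebAppType is not SAML");
  if (String(getAppProperty("TemplateName")) !== "Generic SAML") problems.push("TemplateName is not Generic SAML");
  if (!getAppProperty("Issuer")) problems.push("Issuer is empty");
  return problems;
}
```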