kbasa_279826
Aug 02, 2016 Nimbostratus
AD attributes in SAML assertion
Configured BIG-IP as an IDP and registered SAML Application as SP.
Added an AD Authentication and everything works as expected.
But now would like to pass a few user attributes in the SAML asserti...
- Aug 02, 2016
Your first screenshot looks good/right, except that you probably want to give your attribute a much friendlier name (unless your application really wants/needs/expects that long name in http:// format). In order to get that AD attribute, you need to do an AD Query, so your policy looks right. I would suggest changing the AD Query outcome to the "AD Query Passed" result and you should be all set. If you want to support IDP-initiated logins or more than one SP at the same IDP, I suggest you create SAML Resources and then assign them via the Resource Assignment VPE action along with the webtop for a better user experience.