Forum Discussion

rkram_p's avatar
Icon for Altostratus rankAltostratus
Apr 21, 2022

APM- Dynamic Resource assignment based on SAML attributes

Hi Team,

Please help me to write expression( Advance resource assignment) to assign resources based on SAML attribute condition.

Access policy:

Machine cert auth --> SAML --> Endpoint check --> Advance resouce assignment 


Sample user logs:

File=modules/Authentication/Saml/SamlSPAgent.cpp;Function=parseAssertion;Line=4836;Message=AttributeName: exter.extactivitycenter;"
File=modules/Authentication/Saml/SamlSPAgent.cpp;Function=parseAssertion;Line=4847;Message=ATTR_NAME: (32) exter.extactivitycenter;"
File=modules/Authentication/Saml/SamlSPAgent.cpp;Function=parseAssertion;Line=4896;Message=AttributeValue: 20034567;"

Attribute Name: exter.extactivitycenter

Attribute value: 20034567


I tried below Resource assignment expression formats (advance) in Advace resouce assignment but no luck.

1) 20034567
2)expr {[mcget {}] == 20034567}
3)expr { [mcget {}] contains "20034567" }

Please guide me to use correct expression format to assign dymanic resources ( Network access profile, ACL, webtop).



3 Replies

  • Hello rkram_p

    Maybe with this expression:

    expr {[mcget {}] eq "20034567"}

    But I would say that your syntax is valid. Please, could you check your user variables to verify that both values exist?

    • 20034567

    One easy way to check this is to use a message box before ending the policy evaluation. At this precise moment, check the variables to confirm that both values exist


  • Thank you for your suggestion.

    This value we got it from user access session. (SAML response).

    do you think, can we add variable agent post successful SAML response and log that variable as a custom one and use that condition in adv resource.?