Forum Discussion
Evgeny_Udaltsov
Jul 25, 2023 (Nimbostratus)
Create Claim `groups` with value, set type `custom`:

```
[%{session.user.custom.memberOf}]
```
Create an iRule and assign it to the VS with your Access Policy:

```tcl
# memberOf String Example: "| CN=RedGroup_Name,OU=_Groups,DC=example,DC=com | CN=GreenGroup_Name,OU=_Groups,DC=example,DC=com | ..."
when ACCESS_POLICY_AGENT_EVENT {
    if {[ACCESS::policy agent_id] eq "memberOfCustomization"} {
        set result {}
        set pattern "Any Group's Filter Pattern"
        # Get All User's Groups from the Session Var (String)
        set memberOf [ACCESS::session data get "session.ldap.last.attr.memberOf"]
        # Get List of "CN=..." Strings (one per group DN)
        set groups [regexp -all -inline "CN=.*?(?=,)" $memberOf]
        foreach elem $groups {
            # Get Groups by Pattern
            if {[string first $pattern $elem] != -1} {
                # Replace 'CN=' with Nothing and Append Group to the 'result' String
                append result \"[regsub "CN=" $elem ""]\",
            }
        }
        ACCESS::session data set session.user.custom.memberOf $result
    }
}
```

Inside your Access Policy, add an `iRule Event` block with `memberOfCustomization` EventID before your `OAuth Authorization` block.
APM ver 16.1.0
Hope it will be helpful 🙂
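
An added offline check, not part of the original post and not F5 code: it mirrors the iRule's regex and filter in Python to show the exact text that the claim template `[%{session.user.custom.memberOf}]` receives, and runs it through a strict JSON parser. The sample `memberOf` string, the group with an escaped comma, and all function names are constructed for illustration; only backslash-character escapes are handled, and how APM itself treats the claim value is not stated in the post.

```python
import json
import re

# Constructed sample in the format from the iRule's comment; the third DN has
# an escaped comma ("\,") in its CN, assumed to appear as in RFC 4514 DN strings.
SAMPLE_MEMBER_OF = (
    "| CN=RedGroup_Name,OU=_Groups,DC=example,DC=com "
    "| CN=GreenGroup_Name,OU=_Groups,DC=example,DC=com "
    "| CN=Ops\\, Tier1Group_Name,OU=_Groups,DC=example,DC=com |"
)

POSTED_RE = re.compile(r"CN=.*?(?=,)")          # expression used in the iRule
ESCAPED_RE = re.compile(r"CN=(?:\\.|[^,\\])*")  # does not stop at "\,"


def claim_as_posted(member_of, pattern):
    """Mirror the iRule: append "name", per match, then wrap in [ ] like the claim."""
    result = ""
    for elem in POSTED_RE.findall(member_of):
        if pattern in elem:  # same test as [string first $pattern $elem] != -1
            result += '"%s",' % elem.replace("CN=", "", 1)
    return "[" + result + "]"


def claim_serialized(member_of, pattern):
    """Same filter, escape-aware CN match, output built by a JSON encoder."""
    names = []
    for elem in ESCAPED_RE.findall(member_of):
        if pattern in elem:
            names.append(re.sub(r"\\(.)", r"\1", elem[3:]))  # drop CN=, unescape
    return json.dumps(names)


def is_strict_json(text):
    """True if a strict JSON parser accepts the text."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for pat in ("Group_Name", "Red", "Ops", "NoSuchGroup"):
        posted = claim_as_posted(SAMPLE_MEMBER_OF, pat)
        print(pat, "|", posted, is_strict_json(posted), "|",
              claim_serialized(SAMPLE_MEMBER_OF, pat))
```

If the party consuming the token requires strict JSON, the trailing comma can be removed in the iRule with `string trimright $result ","` before the session variable is set.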