Forum Discussion

Nimbostratus

Jan 12, 2022

APM SAML group attribute

Hi, I am trying to match on Azure AD group attribute in the APM access policy but i don't get it to work, the APM is acting as SAML SP. I'm getting the attribute in the access reports -> variables a...

BIG-IP Access Policy Manager (APM)

security

Spider

Nimbostratus

Jan 17, 2022

Hi again, thanks for the response. I got this to work now, seems to have been a matter of whitespace, this works now using the expression:

expr {[mcget {session.saml.last.attr.name.http://schemas.microsoft.com/ws/ 2008/06/identity/claims/groups}] equals "<group-id-number>"}

I'm using the same structure as you are now, that seems to do the trick. :)

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

APM SAML group attribute

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Multiple value seperator in saml Attribute

SAML attributes

Certified Kubernetes Administrator - Study Group

Add SameSite attribute to APM Cookies

Lightboard Lessons: HTTP Cookie SameSite Attribute

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS