Forum Discussion

heenakhanam0708's avatar
heenakhanam0708
Icon for Altocumulus rankAltocumulus
May 30, 2025
Solved

How to get group name CN from session.ad.last.attr.memberOf when there are multiple attribute value

Hi all,   When I use the session.ad.last.attr.memberOf variable the group values are like:   saml2:Attribute Name="groups" saml2:AttributeValue CN=webaccess,OU=Users,OU=mydomain,DC=com /saml2:At...
application delivery
  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Jun 17, 2025

    I found an error though causing duplicate entries

    you can use this one as custom expression

    set result ""
set groups [mcget {session.ad.last.attr.memberOf}]
foreach {full match} [regexp -all -inline {CN=([^,]+)} $groups] {
    append result "| $match "
}
append result "|"
return $result



Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jun 17, 2025

heenakhanam0708​ could you please check for typos in your config
I just retest it and works fine, at least in my env

 

moreover in your first post you said that by default you see

saml2:Attribute Name="groups"

saml2:AttributeValue CN=webaccess,OU=Users,OU=mydomain,DC=com /saml2:AttributeValue

saml2:AttributeValue CN=webtest,OU=Users,OU=mydomain,DC=com /saml2:AttributeValue

saml2:AttributeValue CN=webfort,OU=Users,OU=mydomain,DC=com /saml2:AttributeValue

saml2:AttributeValue CN=webui,OU=Users,OU=mydomain,DC=com /saml2:AttributeValue

/saml2:Attribute"

How it's not showing anything now when use  session.ad.last.attr.memberOf ?

Injeyan_Kostas's avatar
Injeyan_Kostas
Icon for Nacreous rankNacreous
Jun 17, 2025

I found an error though causing duplicate entries

you can use this one as custom expression

set result ""
set groups [mcget {session.ad.last.attr.memberOf}]
foreach {full match} [regexp -all -inline {CN=([^,]+)} $groups] {
    append result "| $match "
}
append result "|"
return $result