Forum Discussion
May 02, 2019
Not sure if this is an answer to your question, but with the Variable Assign agent you will fill the session.logon.last.username session variable with the content of a session.saml session variable, for example session.saml.last.identity. Then you will use the AD Query agent to perform an AD query like (sAMAccountName=%{session.logon.last.username}) and fetch the AD attributes you need for this user.
It could also be that the IDP sends the e-mail address of the user, and you'll need to do a query on the AD using the e-mail address, to resolve the SAMAccountName. Either way you'll need some unique identifier that the IDP passes as an SAML attribute that helps you identify the user in your AD.
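
The lookup described in the post above, modelled outside of APM as an added Python example; it is not part of the original post and is not APM code. It builds the AD search filter from the identifier the IdP sent, escapes it per RFC 4515, and accepts only a single matching account. The helper names, the "@" heuristic, the use of the `mail` attribute for the e-mail case, and the sample directory are assumptions.

```python
# Added illustration; not APM code. Helper names and sample data are constructed.

# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def choose_lookup(saml_identity):
    """Pick the AD attribute to search on (assumption: '@' means e-mail)."""
    identity = saml_identity.strip()
    if not identity:
        raise ValueError("IdP sent no usable identifier")
    return ("mail" if "@" in identity else "sAMAccountName"), identity


def build_ad_filter(saml_identity):
    attr, value = choose_lookup(saml_identity)
    return "(%s=%s)" % (attr, escape_filter_value(value))


def resolve_user(saml_identity, entries):
    """Return the single matching entry; refuse zero or ambiguous matches."""
    attr, value = choose_lookup(saml_identity)
    # AD compares both attributes case-insensitively.
    hits = [e for e in entries if e.get(attr, "").lower() == value.lower()]
    if len(hits) != 1:
        raise LookupError("%d entries match %s" % (len(hits), build_ad_filter(saml_identity)))
    return hits[0]


# Constructed sample directory (not real accounts).
SAMPLE_DIRECTORY = [
    {"sAMAccountName": "jdoe", "mail": "jane.doe@example.com", "department": "IT"},
    {"sAMAccountName": "asmith", "mail": "shared@example.com", "department": "HR"},
    {"sAMAccountName": "bjones", "mail": "shared@example.com", "department": "HR"},
]

if __name__ == "__main__":
    print(build_ad_filter("jdoe"))
    print(resolve_user("jane.doe@example.com", SAMPLE_DIRECTORY)["sAMAccountName"])
```

The third case in the sample data shows why the identifier has to be unique: an e-mail address shared by two accounts cannot be resolved to one sAMAccountName.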