Forum Discussion
Hi ruancarloss,
You would use a Variable Assign in the Visual Policy Editor and use a custom expression to filter for AD Groups with the string XYZ.
Here is a very simple example, starting with the Access Policy.
And here is the Variable Assign (in my example I filter for all AD Groups with the string test and store them in the custom variable session.custom.mygroups).
    set list "|";
    foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
        if { $element contains "test" } {
            append list "$element|";
        }
    }
    return $list;
The IdP configuration then uses my custom variable session.custom.mygroups for the SAML attribute MyGroups.
The resulting SAML token has the following attributes:
Does this answer your question?
KR
Daniel

ruancarloss (Nimbostratus)
The loop you created works, thank you.
However, I need only the CN value to be delivered.
Using your scenario, the script delivers:
* CN=testgruppe1,OU=grou.....
* CN=testgruppe2,OU=grou.....

I would have to customize it so that the output is:
* testgroupp1
* testgrouppe2

Thank you for your help
The example below I had more or less ready for copy&paste.
I think you could use the trim command to customize the output to your desired format. Take a look here
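
One way to reduce each matching memberOf entry to its CN value, as an added example that is not part of the original thread and not F5's code. It uses regexp rather than the trim command suggested above, and it matches the filter string against the CN only, so a group whose OU or DC happens to contain the string is not sent in the SAML attribute. The proc names and the sample DNs are hypothetical; the procs take the memberOf string as an argument so the logic runs in plain tclsh, and whether proc definitions are accepted inside a Variable Assign expression is an assumption (if not, inline the loop body and read the input with mcget as in the expression above).

```tcl
# Added example: extract only the CN of AD groups whose CN contains a string.

# Return the value of the leading CN= component of a DN, or "" if there is none.
# Backslash-escaped characters inside the value (e.g. CN=Ops\, test) are kept
# as part of the CN. Hex escapes such as \2C are not decoded (assumption: the
# directory returns the backslash-character form).
proc dn_to_cn {dn} {
    set dn [string trim $dn]
    if {![regexp -nocase {^CN=((?:\\.|[^,\\])*)} $dn -> cn]} {
        return ""
    }
    # Remove the escaping backslashes from the extracted value.
    return [regsub -all {\\(.)} $cn {\1}]
}

# Build a "|"-delimited list, in the same shape as the thread's expression,
# holding the CN of every group whose CN contains $needle (case-sensitive).
proc filter_group_cns {memberOf needle} {
    set out "|"
    foreach element [split $memberOf "|"] {
        set cn [dn_to_cn $element]
        # Compare against the CN, not the whole DN: a substring match on the
        # full DN would also select groups that merely sit under OU=test.
        if {$cn ne "" && [string first $needle $cn] >= 0} {
            append out "$cn|"
        }
    }
    return $out
}

# Constructed sample input in the pipe-separated form that the thread's
# expression splits on. The third group has "test" only in its OU.
set sample {| CN=testgruppe1,OU=groups,DC=example,DC=com | CN=Ops\, test,OU=groups,DC=example,DC=com | CN=admins,OU=test,DC=example,DC=com |}

puts [filter_group_cns $sample "test"]
```

In the constructed sample, the group under OU=test is dropped because its CN does not contain the filter string, while the original whole-DN comparison would have included it.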