Forum Discussion
Nimbostratussaml attribute - multiple value separate per string
I have the following need in the "Saml attribute" settings of the SAML IDP server, I need a variable to assign in the apm, filtering all groups that contain the XYZ text, and each value being delivered as a separate string follows below as needed, and how the f5 delivers.
3 Replies
- Daniel_Wolf
MVP
Hi ruancarloss,
you would use a Variable Assign in the Visiual Policy Editor and use a custom expression to filter for AD Groups with the string XYZ.
Here is very simple example, starting with the Access Policy.
And here is the Variable Assign (in my example I filter for all AD Groups with the string test and store them in the custom variable session.custom.mygroups.
set list "|"; foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] { if { $element contains "test"} { append list "$element|"; } } return $list;The IdP configuration then uses my custom variable session.custom.mygroups for the SAML attribute MyGroups.
The resulting SAML token has the following attributes:
Does this answer your question?
KR
Daniel 
ruancarlossthe loop created works and thank you.
However I need only the CN value to be delivered.
enjoying your scenery, the script delivers:
* CN=testgruppe1,OU=grou.....
* CN=testgruppe2,OU=grou.....would have to customize for the output to be:
* testgroupp1
* testgrouppe2Thank you for your help
- Daniel_Wolf
The example below I had more or less ready for copy&paste.
I think you could use the trim command to customize the output to your desired format.Take a look here
