Forum Discussion

ruancarloss's avatar
ruancarloss
Icon for Nimbostratus rankNimbostratus
Nov 11, 2022

saml attribute - multiple value separate per string

I have the following need in the "Saml attribute" settings of the SAML IDP server, I need a variable to assign in the apm, filtering all groups that contain the XYZ text, and each value being deliver...
application delivery
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Nov 11, 2022

Hi ruancarloss,

you would use a Variable Assign in the Visiual Policy Editor and use a custom expression to filter for AD Groups with the string XYZ. 

Here is very simple example, starting with the Access Policy.

And here is the Variable Assign (in my example I filter for all AD Groups with the string test and store them in the custom variable session.custom.mygroups.

 

set list "|";
foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
    if { $element contains "test"} {
        append list "$element|";
    }
}
return $list;

 

The IdP configuration then uses my custom variable session.custom.mygroups for the SAML attribute MyGroups.

The resulting SAML token has the following attributes:

 

Does this answer your question?

KR
Daniel