Forum Discussion

Nimbostratus

Nov 11, 2022

saml attribute - multiple value separate per string

I have the following need in the "Saml attribute" settings of the SAML IDP server, I need a variable to assign in the apm, filtering all groups that contain the XYZ text, and each value being deliver...

application delivery

Daniel_Wolf

MVP

Nov 11, 2022

Hi ruancarloss,

you would use a Variable Assign in the Visiual Policy Editor and use a custom expression to filter for AD Groups with the string XYZ.

Here is very simple example, starting with the Access Policy.

And here is the Variable Assign (in my example I filter for all AD Groups with the string test and store them in the custom variable session.custom.mygroups.

set list "|";
foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
    if { $element contains "test"} {
        append list "$element|";
    }
}
return $list;

The IdP configuration then uses my custom variable session.custom.mygroups for the SAML attribute MyGroups.

The resulting SAML token has the following attributes:

Does this answer your question?

KR
Daniel

Forum Discussion

saml attribute - multiple value separate per string

Recent Discussions

Find GSLB pool membership from vip IP

Pool Members communication with B-party via F5 VIP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Related Content

Format objectGUID attribute from hexadecimal to bindable string (hyphen-separated format)

Multiple value seperator in saml Attribute

Log separation by event

AD Authentication using multiple user attributes

https and separate port VS