Forum Discussion

FI_2016_187929

Nimbostratus

Feb 19, 2015

SAML SSO send specific AD Group in Assertion

We are using F5 APM as IdP and are trying to send AD Groups in our SAML assertion to the SP using the attribute session.ldap.last.attr.memberof. Some of our AD groups have special character, causing...

application delivery

BIG-IP Access Policy Manager (APM)

Cirrostratus

Feb 19, 2015

One option would be to look into the ACCESS_POLICY_AGENT event, which can be called during the login flow in the VPE. You could have the iRule parse the memberof session variable (using ACCESS::session data get and populate a new session variable ACCESS::session data set with the desired value(s), then pass that.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SAML SSO send specific AD Group in Assertion

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

ha group

Interrogate Pool Member Priority Group from iRule

check the utilization on specific node

Load balancing method specific decision

Welcome to the F5 XC Community User Group

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS