Forum Discussion
Hi Pete, thanks for your reply. From the link you posted, i see that this expression was said to be useful in the variable assign block which is in the VPE of the access per request policy. Is it possible to use this same expression the per session policy for the advanced resource assign expression box? Secondly, while using this expression to specify groups, is there any where in the SP, IDP connector settings of the SAML that i have to specify this attirbute value in the expression you posted. I am asking because i have seen a box in the IDP connector settings named identity attribute location and i wouldnt know what is required in that box in the idp connector setting.
okay. This is what i am trying to do. I integrated my F5 APM with Azure using SAML for authentication and so as to setup SSO. SAML consists of IDP and SP. In my case, Azure is my IDP and F5 APM is my SP. Now you know when configuring the SAML on F5, you setup Local SP service and External IDP connector. Now the essence of my question is that, the SAML generates assertions from the IDP which contains session variables and attributes. Now i want the groupID attribute to be part of the assertion sent to F5 so that the VPE can process it and with my expression for specific azure GroupID, I can assign resources. Do you get this?