saml 2.0
1 Topic
Sending specific active directory groups as SAML attributes
This is a two-part question. We are building out SSO with a new Service Provider (SP). The SP is looking for specific Active Directory group(s) that they will use to determine the user's role. The attribute we are passing is named "RoleName" and the value is %{session.ldap.last.attr.memberOf}. Is there a way we can send just the groups they need instead of sending all groups the user is a member of? How can everything after the first CN be stripped off? For example, if member of returns CN=abc group,CN=Users,DC=company,DC=com and you want to return just "abc group". We are running F5 Big-IP LTM and APM version 12.1.2.