A user may belong to multiple AD groups. THis guide describes how to return the list of groups the user belongs to in a SAML attribute.
| Section |
|---|
|
| Column |
|---|
Under SSO>Service Providers locate the SP you wish to add the attribute to.
Click on the Ellipses and select Edit from the drop-down menu that appears |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
| Section |
|---|
|
| Column |
|---|
Click on the Attributes tab and then click on Create |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
| Section |
|---|
|
| Column |
|---|
Add the following parameters: | Field | Value |
|---|
| Location: | HTTP Body | | Name: | This can be any name the SP requires however usually it is 'groups' | | Format: | attrname-format:URI | | Script: | groups*.name |
|
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
Remember to Save the changes
Please Test
| Section |
|---|
|
| Column |
|---|
Here are the groups that the AD account belongs to.. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
| Section |
|---|
|
| Column |
|---|
If you log onto the SAML website you can check to see if all the groups of which the AD account is a member of, are returned in the 'groups' attribute, by looking at the full SAML assertion... |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  |
|
|
| Section |
|---|
|
| Column |
|---|
In this example, this is what the SAML test page returns.. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  |
|
|