A user may belong to multiple AD groups. This guide describes how to return the list of groups the user belongs to in a SAML attribute.
| Section |
|---|
|
| Column |
|---|
Under SSO>Service Providers locate the SP you wish to add the attribute to.
Click on the Ellipses and select Edit from the drop-down menu that appears |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
...
| Section |
|---|
|
| Column |
|---|
Add the following parameters: | Field | Value |
|---|
| Location: | HTTP Body | | Name: | This can be any name the SP requires however usually it is 'Groupsgroups' | | Format: | attrname-format:URIunspecified | | Script: | groups*?.name |
|
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
...
| Section |
|---|
|
| Column |
|---|
Here are the groups that my test the AD account belongs to.. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
| 
|
|
|
...
| Section |
|---|
|
| Column |
|---|
If I you log onto my SAML test app I the SAML website you can check to see if all the groups of which my the AD account is a member of, are returned in the Groups 'groups' attribute, by looking at the full SAML assertion... |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  |
|
|
| Section |
|---|
|
| Column |
|---|
And In this example, this is a screenshot from what the SAML test page returns.. |
| Column |
|---|
|
| Panel |
|---|
| borderColor | #9EBEE5 |
|---|
| bgColor | #f0f0f0 |
|---|
| borderWidth | 1px |
|---|
|  |
|
|
...