Layer 7 Access Management

Expression to send group name in SAML

  • 1.  Expression to send group name in SAML

    Posted 08-26-2019 12:12 PM
    Hi,
    We have 12 groups, and a user will be part of any one of these groups.
    I need to send the display name of the group the user is in as the SAML response.
    The SAML response should contain only the one display name of the group the user belongs to, not extra empty lines as below.

    <ns2:Attribute Name="Roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
         <ns2:AttributeValue>DisplayName1</ns2:AttributeValue>
         <ns2:AttributeValue>DisplayName1</ns2:AttributeValue>
    </ns2:Attribute>

    Response should be like this for the user:

    <ns2:Attribute Name="Roles" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
       <ns2:AttributeValue>DisplayName1</ns2:AttributeValue>
    </ns2:Attribute>

    I am able to get the display name from 2 groups using an expression, but not from 12 groups.
    Any suggestions?


  • 2.  RE: Expression to send group name in SAML

    Posted 09-03-2019 11:10 AM
    Can someone please make a suggestion on this?


  • 3.  RE: Expression to send group name in SAML
    Best Answer

    Posted 09-06-2019 10:44 AM
    Found the expression:

    (GET('isMemberOf') CONTAINS ('Admin') ? 'DisplayName1' : '') + (GET('isMemberOf') CONTAINS ('Reviewer') ? 'DisplayName2' : '') + (GET('isMemberOf') CONTAINS ('Viewer') ? 'DisplayName3' : '')

    It worked.
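
Added example, not part of the original thread or the product's own code: a Python sketch of what the concatenating expression in the accepted answer yields when a user is in more than one mapped group, plus a service-provider-side check that the Roles attribute carries exactly one known, non-empty value. It assumes CONTAINS behaves as a substring test and that the ns2 prefix is bound to the SAML 2.0 assertion namespace; the group strings are constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumption: ns2 in the thread's snippets is the SAML 2.0 assertion namespace.
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Group-to-display-name pairs taken from the expression in the accepted answer.
GROUP_TO_DISPLAY = [
    ("Admin", "DisplayName1"),
    ("Reviewer", "DisplayName2"),
    ("Viewer", "DisplayName3"),
]
ALLOWED_ROLES = {name for _, name in GROUP_TO_DISPLAY}


def role_value(is_member_of):
    """Model the expression: every matching group appends its display name.

    CONTAINS is modelled as a substring test (an assumption about the product).
    """
    return "".join(name for group, name in GROUP_TO_DISPLAY if group in is_member_of)


def roles_attribute(values):
    """Build a Roles attribute fragment shaped like the one in the question."""
    body = "".join(f"<ns2:AttributeValue>{v}</ns2:AttributeValue>" for v in values)
    return (
        f'<ns2:Attribute xmlns:ns2="{SAML_NS}" Name="Roles" '
        'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">'
        f"{body}</ns2:Attribute>"
    )


def check_roles(attribute_xml, allowed=ALLOWED_ROLES):
    """Return the problems found in a Roles attribute (empty list means OK)."""
    attr = ET.fromstring(attribute_xml)
    values = [(v.text or "").strip() for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
    problems = []
    if len(values) != 1:
        problems.append(f"expected 1 value, got {len(values)}")
    for value in values:
        if not value:
            problems.append("empty value")
        elif value not in allowed:
            problems.append(f"unknown role {value!r}")
    return problems
```

A user in exactly one mapped group gets a single clean value; a user in two mapped groups gets the names run together, which the check reports as an unknown role so the receiving side does not silently map it to a privilege.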