Forum Discussion

kbasa_279826
Aug 02, 2016
Solved

AD attributes in SAML assertion

Configured BIG-IP as an IDP and registered SAML Application as SP. Added an AD Authentication and everything works as expected. But now would like to pass a few user attributes in the SAML asserti...
  • Michael_Koyfman
    Aug 02, 2016

    Your first screenshot looks good/right, except that you probably want to give your attribute a much friendlier name (unless your application really wants/needs/expects that long name in http:// format). In order to get that AD Attribute, you need to do AD Query, so your policy looks right. I would suggest changing AD Query outcome to "AD Query Passed" result and you should be all set. If you want to support IDP-initiated logins or more than one SP at the same IDP, I suggest you create SAML Resources and then assign them via Resource Assignment VPE action along with the webtop for a better user experience.
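
One way to confirm from the SP side which attributes actually arrive in the assertion after changing the policy, as an added example that is not part of the original thread or F5's own tooling. The sample response, the attribute names and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample response; attribute names and values are made up.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.example.com/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="department">
        <saml:AttributeValue></saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def decode_post_binding(saml_response_b64):
    """Decode the base64 SAMLResponse form field captured from the browser POST."""
    return base64.b64decode(saml_response_b64).decode("utf-8")

def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} from a plaintext assertion.
    Troubleshooting aid only: it does not verify the signature, so run it on
    responses captured from your own test logins, never to make access decisions."""
    root = ET.fromstring(xml_text)
    if root.find(".//saml:Assertion", NS) is None:
        if root.find(".//saml:EncryptedAssertion", NS) is not None:
            raise ValueError("assertion is encrypted; decrypt it with the SP key first")
        raise ValueError("no saml:Assertion element found")
    attrs = {}
    for attr in root.iterfind(".//saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_expected(attrs, expected_names):
    """Report expected attributes that are absent or carry only empty values."""
    problems = {}
    for name in expected_names:
        if name not in attrs:
            problems[name] = "missing"
        elif not any(attrs[name]):
            problems[name] = "empty"
    return problems
```

Comparing the reported names with what the application expects shows whether it needs the long URI-style name or the friendlier one.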