I am trying to pass a specific Key/Value pair for SAML Response.
I have a couple of groups: Test-Admin, Test-Restricted Admin, etc. My user is part of the group Test-Admin; my goal is to send the key/value pair of role : Admin. Another user is part of Test-Restricted Admin; his key/value pair should be role : Restricted Admin.
I tried using the GROUP ATTRIBUTE STATEMENTS: Name: role Filter: regex Value: Test-(.*)
This partially works as it does set the SAML Attribute, but I was looking for the specific section, not the entire group name:
<saml2:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
  <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Test-Admin</saml2:AttributeValue>
</saml2:Attribute>
The group attribute statement sends the entire group name along. You'd need a custom function in the attribute statement, or in the profile editor. If you have just two roles, create a custom attribute for that app, and map isMemberOfGroupName("Test-Admin") ? "Admin" : "Restricted Admin" to that value in the profile editor.
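Where the service provider does the translation itself, the full group names sent by the group attribute statement can be mapped to roles on the receiving side. The sketch below is an added example, not part of the original posts: the function name, the mapping table and the extra `Test-Auditor` value are assumptions, and it assumes the assertion's signature has already been validated by the SAML library before the attributes are read.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Explicit group -> role map using the group names from the question.
# A group that is not listed here grants no role (fail closed).
GROUP_TO_ROLE = {
    "Test-Admin": "Admin",
    "Test-Restricted Admin": "Restricted Admin",
}

# Constructed sample: the attribute from the question plus one unmapped group.
SAMPLE = """<saml2:AttributeStatement xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Attribute Name="role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
    <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">Test-Admin </saml2:AttributeValue>
    <saml2:AttributeValue>Test-Auditor</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def roles_from_attribute_statement(xml_text, attr_name="role"):
    """Return the sorted roles granted by the group names in the named attribute."""
    # SAML messages never need a DTD; refuse one instead of letting entities expand.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SAML content")
    root = ET.fromstring(xml_text)
    roles = set()
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") != attr_name:
            continue
        for value in attr.findall("{%s}AttributeValue" % SAML_NS):
            # Exact match after trimming whitespace; no prefix or regex matching,
            # so a group such as "Test-Admin2" does not become "Admin".
            group = (value.text or "").strip()
            role = GROUP_TO_ROLE.get(group)
            if role is not None:
                roles.add(role)
    return sorted(roles)


if __name__ == "__main__":
    print(roles_from_attribute_statement(SAMPLE))
```
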