AM to lookup group membership before SAML generation

Tagged: 

This topic has 4 replies, 3 voices, and was last updated 3 years, 3 months ago by Bill Nelson.

  • Author
    Posts
  • #22311
     sureshchinta
    Participant

    Hello:

    Can AM module look-up the AD for a given group membership in addition to authenticating prior to generating a SAML assertion ?

    Thanks

    #22312
     Bill Nelson
    Participant

    Not by default. We have implemented this in a post operation plugin.

    #22340
     sureshchinta
    Participant

    Thank you for your response. While I need to find the post operation plugin, shouldn’t the lookup happen as a pre cursor to generating a SAML assertion – just commenting based on the name.

    Also does AM support any transformation of NameID value prior to generating a SAML assertion, I can’t seem to find that

    #22389
     Scott Heger
    Participant

    Correction, @bill-nelsonidentityfusion-com meant to say that we’ve implemented this in an IDP Adapter. If an IDP Adapter Class is defined in your IDP, it will get invoked after authentication and just prior to the SAML assertion being generated and sent to the SP.

    #22391
     Bill Nelson
    Participant

    Yeah, what @shegergmail-com said….

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?