AM to lookup group membership before SAML generation


This topic has 4 replies, 3 voices, and was last updated 3 years, 3 months ago by Bill Nelson.



    Can an AM module look up AD for a given group membership, in addition to authenticating, prior to generating a SAML assertion?


     Bill Nelson

    Not by default. We have implemented this in a post operation plugin.


    Thank you for your response. While I need to find the post operation plugin, shouldn’t the lookup happen as a precursor to generating a SAML assertion? Just commenting based on the name.

    Also, does AM support any transformation of the NameID value prior to generating a SAML assertion? I can’t seem to find that.

     Scott Heger

    Correction, @bill-nelsonidentityfusion-com meant to say that we’ve implemented this in an IDP Adapter. If an IDP Adapter Class is defined in your IDP, it will get invoked after authentication and just prior to the SAML assertion being generated and sent to the SP.

     Bill Nelson

    Yeah, what @shegergmail-com said….
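
A sketch of the IDP Adapter approach described in the thread, added here as an illustration and not the posters' or ForgeRock's own code. It assumes the AM 5/6-era `com.sun.identity.saml2.plugins` adapter interface and that the configured data store exposes AD groups as `IdType.GROUP` memberships; the class name and group name are hypothetical.

```java
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.DefaultIDPAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical adapter: refuses to issue an assertion unless the user is in a required group. */
public class GroupCheckIdpAdapter extends DefaultIDPAdapter {

    // Hypothetical group name; replace with the group the SP's access depends on.
    private static final String REQUIRED_GROUP = "saml-app-users";

    /** Called after authentication and before the SAML response is built. */
    @Override
    public boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID,
            String realm, HttpServletRequest request, HttpServletResponse response,
            Object session, String reqID, String relayState) throws SAML2Exception {
        try {
            // Assumption: the session object is the user's SSOToken.
            AMIdentity user = IdUtils.getIdentity((SSOToken) session);
            Set<?> groups = user.getMemberships(IdType.GROUP);
            for (Object group : groups) {
                if (REQUIRED_GROUP.equalsIgnoreCase(((AMIdentity) group).getName())) {
                    // false = nothing was sent to the browser here; AM goes on
                    // to generate the assertion as usual.
                    return false;
                }
            }
        } catch (IdRepoException | SSOException | ClassCastException e) {
            // Fail closed: a lookup error must not result in an assertion.
            throw new SAML2Exception("Group lookup failed: " + e.getMessage());
        }
        // Not a member: stop before any assertion is created.
        throw new SAML2Exception("User is not a member of " + REQUIRED_GROUP);
    }
}
```

Whether nested AD groups show up in the membership set depends on how the data store is configured, so test with a user whose membership is indirect before relying on the check.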


©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
