Group based Access Restriction using SAML


This topic has 3 replies, 2 voices, and was last updated 3 years, 2 months ago by Peter Major.


    Hi everyone,

    I’m currently working with SAML2 Federation on OpenAM 13.5.1 and I have the requirement below. Can someone please shed some light on it?

    Thanks in Advance.


    I have a requirement of denying access to users who are not part of a group.

    We have implemented a custom attribute mapper as well; not sure if this can be done on our end though.

    We are the Hosted IDP and the resource the users are trying to access is a protected resource.

    I have tried adding memberOf=”group-name” in the attribute mapping section on the SP Entity Configuration; that didn’t help.

    I tried to add a policy in the subrealm by adding a requirement of the group required; that didn’t help either.

    Can someone please provide some information on this?

    Thanks & Regards

     Peter Major

    This is the relevant RFE:

    Should be doable using a custom IdP Adapter implementation.


    Thanks Peter, I guess we would have to wait.

     Peter Major

    Either that, or you could download the example code attached to the ticket and make it suitable for your production requirements.
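The custom IdP Adapter approach suggested in the replies, as an added example: this is not code from the thread and not the example attached to the ticket. It assumes the `session` object passed to the adapter is an `SSOToken` and that groups are visible through the realm's identity repository; the class name, package and group name `saml-app-users` are placeholders.

```java
package org.example.saml; // hypothetical package

import java.io.IOException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.plugins.DefaultIDPAdapter;
import com.sun.identity.saml2.protocol.AuthnRequest;

/** Blocks the SAML response unless the authenticated user is in REQUIRED_GROUP. */
public class GroupGateIDPAdapter extends DefaultIDPAdapter {
    private static final String REQUIRED_GROUP = "saml-app-users"; // placeholder group name

    @Override
    public boolean preSendResponse(AuthnRequest authnRequest, String hostProviderID,
            String realm, HttpServletRequest request, HttpServletResponse response,
            Object session, String reqID, String relayState) throws SAML2Exception {
        boolean allowed;
        try {
            allowed = isMember((SSOToken) session); // assumption: session is an SSOToken
        } catch (SSOException | IdRepoException | ClassCastException e) {
            allowed = false; // fail closed if membership cannot be resolved
        }
        if (allowed) {
            return false; // nothing written to the browser: normal SSO processing continues
        }
        try {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Not a member of the required group");
        } catch (IOException e) {
            throw new SAML2Exception(e.getMessage());
        }
        return true; // the adapter has answered the request itself, so no assertion is sent
    }

    private boolean isMember(SSOToken token) throws SSOException, IdRepoException {
        AMIdentity user = IdUtils.getIdentity(token);
        Set<?> groups = user.getMemberships(IdType.GROUP);
        for (Object g : groups) {
            if (REQUIRED_GROUP.equalsIgnoreCase(((AMIdentity) g).getName())) return true;
        }
        return false;
    }
}
```

To restrict only some service providers, branch on `authnRequest.getIssuer().getValue()` before the membership check; `authnRequest` can be null for IdP-initiated SSO, so handle that case explicitly.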


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
