Hello,
I have ADFS working with my FR / FRIC setup (using private cloud for dev, then pushing to FRIC). I need to be able to get the group claim from the ADFS SAML / assertion and map that to roles / groups in FR once the user has been matched. I do not see an interface / method in the SP adapter scripting to get / map roles from assertion content. Has anyone done this? I see you can add for outbound, but I am not seeing an inbound group => role mapping.
Need to pass user group attribute in SAML assertions in forgerock SP? - Integrations - ForgeRock Community
Thanks
Nick
Nick,
You may want to consider mapping the assertion context to an attribute on the Identity and then using Conditions on the Group/Role to dynamically provision the user. That way the user isn’t directly assigned, but rather conditionally. To do so:
- Select Identities > Manage > Alpha realm - Groups (or Roles) and select the group (or role) to add a condition to.
- Select the Settings tab and click Set up.
- Toggle the box and define the query filter to assess the condition (likely an attribute on that user).
- Click Save.
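The flow suggested in the reply (assertion attribute onto an identity attribute, then a condition on the group or role), sketched as an added example that is not part of the original thread and is not ForgeRock's own API. The claim type assumes the AD FS claim rule emits groups as `http://schemas.xmlsoap.org/claims/Group`; the group names, the `roleTags` attribute and the helper functions are hypothetical, and the condition check is a simplified stand-in for the query filter set in the UI.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: AD FS is configured to issue group membership under this claim type.
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed allow-list: IdP group name -> value stored on the identity attribute.
GROUP_TO_ROLE_TAG = {"FR-Admins": "admin", "FR-Helpdesk": "helpdesk"}

# Constructed sample assertion. A real SP has already verified the signature,
# issuer, audience and validity window before any attribute is read.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>FR-Admins</saml:AttributeValue>
      <saml:AttributeValue>Domain Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def group_claims(assertion_xml):
    """Return every value of the group claim found in the assertion."""
    root = ET.fromstring(assertion_xml)
    return [(value.text or "").strip()
            for attr in root.iterfind(".//saml:Attribute", SAML_NS)
            if attr.get("Name") == GROUP_CLAIM
            for value in attr.iterfind("saml:AttributeValue", SAML_NS)]


def role_tags(groups):
    """Map IdP groups to local tags: exact match only, unknown groups dropped."""
    return sorted({GROUP_TO_ROLE_TAG[g] for g in groups if g in GROUP_TO_ROLE_TAG})


def is_conditional_member(identity, attribute, required_value):
    """Simplified role condition: the multivalued attribute contains the value."""
    return required_value in identity.get(attribute, [])


if __name__ == "__main__":
    # The identity attribute is rewritten on each login, so a group removed
    # at the IdP no longer satisfies the condition afterwards.
    identity = {"userName": "nick",
                "roleTags": role_tags(group_claims(SAMPLE_ASSERTION))}
    print(identity, is_conditional_member(identity, "roleTags", "admin"))
```

Keeping the mapping as an explicit allow-list means a group name the IdP introduces later grants nothing until someone adds it deliberately.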