How to provide groups in SAML assertion

Summary: You want to provide groups in addition to the username in the SAML assertion.

Fix: Ensure that the groups are being sent in the "member-of" attribute statement. The GSA will parse this statement automatically and add these groups to the principal.

Here is an example of a SAML 1.0 attribute statement:

    <saml:Attribute Name="member-of">

Here is an example of a SAML 2.0 attribute statement:

    <saml2:Attribute FriendlyName="member-of" Name="member-of" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
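To confirm what the IdP is actually sending, the following added example (not code from Google or the GSA) parses a SAML 2.0 assertion and lists the values carried in the "member-of" attribute. The sample assertion is constructed, and the function name, the exact-match comparison on `Name`, and the one-`AttributeValue`-per-group layout are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GROUP_ATTR = "member-of"  # attribute name given on this page

# Constructed sample assertion (not captured from a real IdP).
SAMPLE = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject><saml2:NameID>jdoe</saml2:NameID></saml2:Subject>
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="member-of" Name="member-of"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue>engineering</saml2:AttributeValue>
      <saml2:AttributeValue> sales </saml2:AttributeValue>
      <saml2:AttributeValue></saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="memberOf">
      <saml2:AttributeValue>ignored</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""


def extract_groups(assertion_xml):
    """Return (groups, near_misses) for a SAML 2.0 assertion.

    groups: de-duplicated, non-empty values of the "member-of" attribute.
    near_misses: attribute names that look like a group attribute but do
    not match exactly (assumption: the consumer matches Name literally).
    """
    # ElementTree is adequate for an assertion taken from your own IdP
    # trace; it does not verify the assertion's signature.
    root = ET.fromstring(assertion_xml)
    groups, near_misses = [], []
    for attr in root.iter("{%s}Attribute" % SAML2_NS):
        name = attr.get("Name", "")
        if name == GROUP_ATTR:
            for val in attr.findall("{%s}AttributeValue" % SAML2_NS):
                text = (val.text or "").strip()
                if text and text not in groups:
                    groups.append(text)
        elif name.lower().replace("-", "").replace("_", "") == "memberof":
            near_misses.append(name)
    return groups, near_misses


if __name__ == "__main__":
    print(extract_groups(SAMPLE))
```

An empty group list together with a non-empty near-miss list points to an IdP attribute mapping that uses a different name than "member-of".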

Additional Information: Please see this document for further information on configuring GSA with SAML IdP.

Versions affected: 7.4, 7.6 releases.
