Forum Discussion
6 Replies
- Josiah_39459Historic F5 Account
Since you already have the memberOf session variable and this is a subset. I'd just run the split command on memberOf and iterate through the results to make your new list of F5- only ones.
https://www.tcl.tk/man/tcl8.4/TclCmd/split.htm
- brad_11480Nimbostratus
Yes, perfect...
set list "|"; foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] { if { $element contains "XYZ"}{ append list "$element|"; } } return $list;
Returns all groups that contain the string "XYZ" in an abbreviated list.
- Walter_KacynskiCirrostratusWhy would this be necessary? APM will cache all AD groups in the domain regardless of this filter.
- Daniel_VarelaEmployee
You can use a Variable Assign box with an expression like this:
set list "|"; foreach element [split [mcget {session.ad./Common/myPolicy_act_active_directory_query_ag.attr.member}] "|"] { if { $element contains "Adm"}{ append list "$element | "; } } return $list;
I assigned it to a variable session.custom.myvar. You will need to modify your session variable accordingly but it should work.
- Shane_Hickey_19NimbostratusSorry, I should have provided more information. We are actually passing these session variables as SAML attributes to another product (zscaler). And, it turns out that you can't have more than 8 groups on that device, so we need a way to filter them down to just the groups that are meaningful to the zscaler configuration.
- Lue_Yang_367981Nimbostratus
Newbie here, so please excuse me for not understanding.
thanks all for this post and answers! Took me a while to find this and it works great for me if I have multiple groups containing "XYZ". However, If I have only one group it appends the pipe in front and back of the single value. Was hoping to just return the single value.
Any help would be great!
Thank you