SAML SP Group Membership Through ADFS
Article ID: CTX230661
Description
Configure authorization based on the Group attribute provided in the SAML assertion.
Instructions
Set up SAML authentication with Active Directory Federation Services 2.0 (ADFS) as described in the following document:
https://docs.netscaler.com/en-us/citrix-gateway/current-release/authentication-authorization/configure-saml.html#configuring-active-directory-federation-services-20
Set the group value using the Attribute Name from the SAML assertion.
E.g.: <Attribute Name="http://schemas.xmlsoap.org/claims/Group">, where http://schemas.xmlsoap.org/claims/Group is the attribute you need to configure on the SAML SP action.

Then create authorization policies based on the groups the user is a member of.
Policy syntax example: HTTP.REQ.USER.ATTRIBUTE(1).CONTAINS("mygroup")
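Before writing the policy, it helps to confirm which values ADFS actually sends under that Attribute Name, and to remember that CONTAINS is a substring test, so any group whose name includes "mygroup" also satisfies it. The following is an added example, not Citrix code: it reads a decoded assertion, lists the Group values, and compares substring and exact matching. The sample assertion is constructed, the function names are hypothetical, and the script does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_ATTR = "http://schemas.xmlsoap.org/claims/Group"  # Attribute Name from the article

# Constructed sample assertion fragment (not captured from a real ADFS server).
SAMPLE_ASSERTION = """\
<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <AttributeValue>mygroup</AttributeValue>
      <AttributeValue>mygroup-contractors</AttributeValue>
      <AttributeValue>Domain Users</AttributeValue>
    </Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn">
      <AttributeValue>user@example.test</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>
"""

def attribute_values(assertion_xml, attr_name=GROUP_ATTR):
    """Return the AttributeValue texts of every Attribute whose Name matches exactly."""
    root = ET.fromstring(assertion_xml)
    values = []
    # iter() also finds the Attribute when the assertion is wrapped in a Response.
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        if attr.get("Name") == attr_name:
            for val in attr.findall("saml:AttributeValue", SAML_NS):
                values.append((val.text or "").strip())
    return values

def substring_matches(values, needle):
    """Group values that a substring test such as CONTAINS("needle") accepts."""
    return [v for v in values if needle in v]

def exact_matches(values, needle):
    """Group values that are exactly the intended group name."""
    return [v for v in values if v == needle]

if __name__ == "__main__":
    groups = attribute_values(SAMPLE_ASSERTION)
    print("groups in assertion:", groups)
    print("substring match    :", substring_matches(groups, "mygroup"))
    print("exact match        :", exact_matches(groups, "mygroup"))
```

If the substring list is longer than the exact list for your real group names, choose a group name or match string that no other group name contains.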