To manage roles, we created groups in our IdP starting with “Ignition-”
Is there a way in the IdP Attribute Mapping to use substring-after in the xpath so I can only manage Roles in ignition without “Ignition-”
Something like: substring-after(/saml2p:Response/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name=‘Roles’]/saml2:AttributeValue/text(), “Ignition-”)
I don’t think there is a clean way to do what you are asking for right now using just XPath or Ignition expressions. You may need to pass the collection of role strings to a jython script using the runScript expression function to do the filtering / manipulating of each role string in the collection (this only works in 8.1.1+), otherwise look to see if the IdP will support filtering out / transforming roles on its end based on which application the user is coming from (Ignition in this case).
Thanks. Ignition and our IdP are brand new, and we found a solution on the IdP side