How do I configure a response to return user's group name in header variable (Legacy KB ID: 187958)

Document ID : KB000054621
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The users in our sso environment are members of one of several groups. When they access an application in our sso environment, we'd like sm to return to the application the user's group name in a header variable.


Solution:

SM_USERGROUPS is a response group that contains a (^) delimited list of the groups to which an authentiated user belong. ItĀ is a parameter documented in the SiteMinder Policy Server guide.

SM_USERGROUPS is just a SiteMinder Generated User Attribute that can be used if desired, set as an HTTP Header response, that fires on authentication or authorization.
It is populated by creating the response as a User Attribute with both a variable and attribute name of SM_USERGROUPS.
It will have a value as follows: SM_USERGROUPS=<%userattr="SM_USERGROUPS"%>
This will return a header response with the value of any group that the user is a member of : for example :
SM-USERGROUPS cn=Engineers,o=ca.com