Custom Claim using AD attribute `memberOf`

I’m trying to write a custom claim using the memberOf attribute from AD. This is how I wrote the claim.

Using token preview, I see this.

I suspect I must be writing the custom claim wrong. Any help would be greatly appreciated!

Resolved. Needed to configure Universal Directory and create a mapping from the AD attribute to a variable name. Then created a custom authorization server, because the default only allows for claims specified by the OIDC spec.

1 Like
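
A consumer-side check for the setup described in the resolved reply, as an added example that is not code from anyone in this thread: given the decoded payload JSON (as token preview displays it, or as your JWT library returns it after signature validation), it extracts group names from a `memberOf`-derived claim and fails closed when the claim was never emitted. The claim name `ad_groups`, the sample payload and the function names are assumptions.

```python
import json
import re

CLAIM = "ad_groups"  # assumed claim name; use the one defined on your authorization server

def group_cn(dn):
    """Return the CN of a memberOf DN's leftmost RDN, or None if it is not a CN."""
    # First RDN: everything up to the first comma that is not backslash-escaped.
    first = re.match(r"(?:\\.|[^,\\])*", dn.strip()).group(0)
    attr, sep, value = first.partition("=")
    if not sep or attr.strip().upper() != "CN":
        return None
    # Undo backslash escapes of DN special characters (e.g. "\,"); hex escapes are left as-is.
    return re.sub(r'\\([ #+,;<>="\\])', r"\1", value.strip())

def groups_from_payload(payload):
    """Group names from the claim; LookupError if the claim was not emitted at all."""
    if CLAIM not in payload:
        raise LookupError(f"claim {CLAIM!r} missing: check attribute mapping and claim definition")
    raw = payload[CLAIM]
    # A single group may arrive as a bare string rather than an array.
    values = [raw] if isinstance(raw, str) else raw if isinstance(raw, list) else []
    names = (group_cn(v) for v in values if isinstance(v, str))
    return [n for n in names if n]

def is_member(payload, group):
    """Fail closed: a missing claim never grants membership. Names compare case-insensitively."""
    try:
        return group.casefold() in {g.casefold() for g in groups_from_payload(payload)}
    except LookupError:
        return False

# Constructed sample of a decoded token payload (not taken from the thread).
SAMPLE = json.loads(r'''{
  "sub": "00u-constructed",
  "ad_groups": [
    "CN=VPN Users,OU=Groups,DC=example,DC=com",
    "CN=Ops\\, Tier 2,OU=Groups,DC=example,DC=com",
    "OU=NotAGroup,DC=example,DC=com"
  ]
}''')

if __name__ == "__main__":
    print(groups_from_payload(SAMPLE))
    print(is_member(SAMPLE, "vpn users"))
```

The `LookupError` separates "the claim is not in the token" (a mapping or authorization-server configuration problem, as in the original question) from "the user has no groups", which returns an empty list.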

@william: I’m trying to accomplish the same task: pass AD memberOf groups through to an OpenID client.

It looks like you got this working. Could you share the full process?