Custom Claim using AD attribute `memberOf`


#1

Hi,
I’m trying to write a custom claim using the memberOf attribute from AD. This is how I wrote the claim.

Using token preview, I see this.

I suspect I must be writing the custom claim wrong. Any help would be greatly appreciated!


Adding Active Directory Group Name Membership in ID Token
#2

Resolved. Needed to configure Universal Directory and create a mapping from the AD attribute to a variable name. Then created a custom authorization server because the default only allows for claims specified by the OIDC spec.


#3

@william: I’m trying to accomplish the same task: pass AD memberOf groups through to an OpenID client.

It looks like you got this working. Could you share the full process?

-G