Let's say you have an AG protected resource and you have the
authentication procedure set to use your NAM IDP that's using an
external SAML IDP.

How would you go about defining the Authorization policy?

Normally, if using eDir for everything (including the authentication)
I'd have a Role that said like:
If group membership BLAH or, if user in container BLAH BLAH

But none of this exists when using SAML.

I did notice there's an option to use contracts (if authentication
contract = something).
But what about LDAP attributes?

For example, if the SAML assertion that you get sends an attribute:

Can you have NAM use that and if the value = something, do the

(I'm asking because I've not gotten that far yet)

