Posted on 04-16-2020 07:25 AM
I've gone through the setup for Duo SSO and have successfully been able to log in via Duo if AD LDAP users were created in JAMF. But I am unable to resolve group membership with LDAP. The LDAP groups already exist in JAMF. I can also see with SAML Message Decoder that we are passing group attributes.
I am trying to understand the function of the "Group Attribute Name" and "RDN Key for LDAP Groups" fields.
The group attribute name should be "memberOf" because that is the attribute we have mapped with Duo to pass group membership info, but all documentation says that it should be "http://schemas.xmlsoap.org/claims/Group". What is this URL?
And for the RDN Key, I cannot put the LDAP string in the field because I get an "Invalid Field" error when I try to put in "CN=Group_NAME,OU=All Groups,DC=example,DC=com". Would this not be a correct RDN key?
Any insight into how to add AD LDAP group authentication?
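Added example (not from the poster or from Jamf/Duo): a small Python check that reads a decoded SAML assertion, pulls the values of the configured group attribute, and extracts the RDN value from each DN the way an SSO group mapping would. It assumes the "Group Attribute Name" must match the Attribute Name in the assertion exactly and that the "RDN Key" is just the key to pick out of each DN (e.g. "CN"), not the whole DN; the assertion is a constructed sample.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not a real Duo response); only the part that matters.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf">
      <saml:AttributeValue>CN=Group_NAME,OU=All Groups,DC=example,DC=com</saml:AttributeValue>
      <saml:AttributeValue>CN=Help\\, Desk,OU=All Groups,DC=example,DC=com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def group_attribute_values(assertion_xml, attribute_name):
    """Values of the SAML Attribute whose Name matches exactly (names are case-sensitive)."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attribute_name:
            return [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
    return []  # attribute not present under that name: the mapping can never match

def split_dn(dn):
    """Split a DN into (KEY, value) pairs, honouring backslash-escaped commas."""
    parts, current, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped character: keep it literally
            current.append(dn[i + 1]); i += 2; continue
        if dn[i] == ",":
            parts.append("".join(current)); current = []
        else:
            current.append(dn[i])
        i += 1
    parts.append("".join(current))
    return [(k.strip().upper(), v.strip()) for k, _, v in (p.partition("=") for p in parts)]

def rdn_value(dn, rdn_key):
    """Value of the first RDN whose key is rdn_key (e.g. "CN"), or None if absent."""
    matches = [v for k, v in split_dn(dn) if k == rdn_key.strip().upper()]
    return matches[0] if matches else None

def resolve_groups(assertion_xml, attribute_name="memberOf", rdn_key="CN"):
    """Group names the SSO mapping would compare against the LDAP groups in Jamf."""
    return [rdn_value(dn, rdn_key) for dn in group_attribute_values(assertion_xml, attribute_name)]
```

Running `resolve_groups(SAMPLE_ASSERTION, "http://schemas.xmlsoap.org/claims/Group")` against an assertion that only carries `memberOf` returns an empty list, which is the symptom of a mismatched attribute name.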