When certificate-based authentication is used, client certificate information can be included in the SAML assertion. To enable this, select the “Add Certificate Information” checkbox on the service provider configuration page. When enabled, the certificate information is available to the service provider as SAML attribute statements. The certificate attribute names that may be present in a SAML assertion are listed below.
NOTE: The serial number values (CA.Certificate.SerialNumber and Certificate.SerialNumber) are in hex format without white space.
CA.Certificate.SerialNumber
Certificate.SerialNumber
Certificate.Issuer
Certificate.Issuer.CommonName
Certificate.Issuer.GivenName
Certificate.Issuer.Surname
Certificate.Issuer.OrganizationName
Certificate.Issuer.CountryName
Certificate.Issuer.EmailAddress
Certificate.Subject
Certificate.Subject.CommonName
Certificate.Subject.GivenName
Certificate.Subject.Surname
Certificate.Subject.SerialNumber
Certificate.Subject.OrganizationName
Certificate.Subject.CountryName
Certificate.Subject.EmailAddress
Under User general settings, select SAML session as Attribute source and the IdP sending the attributes as Source. Then fill in the fields Attribute name and Attribute value:
Attribute name: Certificate.Issuer.CommonName
Attribute value: thesecurecompany
This makes all users who have logged in with a certificate issued by thesecurecompany members of this group.
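On the service provider side, the same attributes can be read from the assertion and checked against a rule like the one above. The following is an added example, not code from the product: the function names, the sample values and the exact-match comparison are assumptions, and the assertion's signature is assumed to have been validated already by the SAML library.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The two attributes the note above describes as hex without white space.
SERIAL_ATTRS = {"Certificate.SerialNumber", "CA.Certificate.SerialNumber"}

# Constructed sample: an AttributeStatement taken from an assertion whose
# signature is assumed to be validated already. All values are invented.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Certificate.Issuer.CommonName"><saml:AttributeValue>thesecurecompany</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Certificate.SerialNumber"><saml:AttributeValue>0A1B2C3D4E5F</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="CA.Certificate.SerialNumber"><saml:AttributeValue>7F00AA</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>
"""

def certificate_attributes(statement_xml):
    """Return only the Certificate.* and CA.Certificate.* attributes as a dict."""
    attrs = {}
    for attr in ET.fromstring(statement_xml).iterfind(".//saml:Attribute", NS):
        name = attr.get("Name", "")
        if name.startswith(("Certificate.", "CA.Certificate.")):
            text = attr.findtext("saml:AttributeValue", default="", namespaces=NS)
            attrs[name] = text.strip()
    return attrs

def serial_to_int(serial):
    """Parse a serial written as bare hex, 0x-prefixed hex, or aa:bb / 'aa bb' pairs."""
    cleaned = re.sub(r"[:\s]", "", serial)
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        raise ValueError("not a hex serial number: %r" % serial)
    return int(cleaned, 16)

def matches_rule(attrs, name, expected):
    """Exact string match, except certificate serials, which are compared as integers."""
    if name not in attrs:
        return False
    if name in SERIAL_ATTRS:
        return serial_to_int(attrs[name]) == serial_to_int(expected)
    return attrs[name] == expected
```

Comparing serial numbers as integers avoids false mismatches when the expected value was copied from a tool that prints colon-separated or lower-case hex.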