I have some Role generation rules that assign specific Roles based upon whether a user is in a specific AD group, e.g. "UoY Network Group" role assignment if (Authorization:UoY AD Authentication:memberOf CONTAINS cn=g0790stf,ou=Inst,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk).
When creating EAP-TLS client certificates, I set up the CN to be "userid-{4 digit hex number}@york.ac.uk".
This sort of screws up the UoY Network Group Role, as "userid-abcd@york.ac.uk" certainly isn't in that AD group.
Is there any way of using a regex to strip out my userid from the start of the Full-Username and use that when comparing against contents of an AD group?
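
The CN layout described in the post, parsed strictly so that only an exact "userid-{4 hex digits}@york.ac.uk" value yields a userid for the group check. This is an added example, not part of the original post and not any product's own configuration. The function names, the userid character set (letters and digits, up to 32 characters) and the use of `sAMAccountName` as the directory attribute are assumptions.

```python
import re

# CN layout from the post: userid-{4 hex digits}@york.ac.uk
# Assumption: the userid is letters and digits only, starting with a letter.
CN_RE = re.compile(r"([a-z][a-z0-9]{0,31})-([0-9a-f]{4})@york\.ac\.uk",
                   re.IGNORECASE)

# Group DN quoted in the post.
GROUP_DN = "cn=g0790stf,ou=Inst,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk"


def userid_from_cn(cn):
    """Return the bare userid, or None unless the whole CN matches the layout.

    fullmatch() is used instead of a '^...$' search because '$' also matches
    before a trailing newline, which would let a malformed CN through.
    """
    m = CN_RE.fullmatch(cn)
    return m.group(1).lower() if m else None


def ldap_escape(value):
    """Escape the RFC 4515 filter metacharacters in an assertion value."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def membership_filter(cn, group_dn=GROUP_DN):
    """Build the AD search filter for the group check, or None for a bad CN.

    sAMAccountName is an assumed mapping from userid to directory account.
    """
    uid = userid_from_cn(cn)
    if uid is None:
        return None  # fail closed: no userid means no role
    return "(&(sAMAccountName=%s)(memberOf=%s))" % (
        ldap_escape(uid), ldap_escape(group_dn))


if __name__ == "__main__":
    # Constructed sample CNs, not real certificates.
    for sample in ("abc123-0f3a@york.ac.uk",
                   "abc123@york.ac.uk",
                   "abc123-0f3a@york.ac.uk.example.net"):
        print(repr(sample), "->", membership_filter(sample))
```

A CN that does not match the layout exactly returns `None`, so the role decision should treat it as "not in the group" rather than falling back to the raw CN.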