The 'memberOf' attribute in the directory holds multiple values, one per group the user belongs to, and those groups grant access to different applications. How can the value sent in the SAML response be customized so that it holds only the role (group) specific to the application receiving the response, as the bare group name without the 'CN=' prefix or the rest of the DN?
Release: 12.8.xx.xx and 12.9 (Applicable to all the supported releases)
Component: FEDMA : SiteMinder Federation(Federation Manager)
This can be done by mapping the attribute with an expression:
RDN(BEFORE(STRING(FILTER(SM_USERGROUPS, <pattern>)),'^'))
Here <pattern> identifies the specific group. The expression returns the first group that matches the pattern, or an empty value if no group matches.
For example, the result will look like:
<ns2:Attribute Name="memberof" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<ns2:AttributeValue>Backup Operators</ns2:AttributeValue>
</ns2:Attribute>
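To make the behaviour of the expression concrete, the following Python model (an added example, not part of the article and not SiteMinder code) reimplements each step, FILTER, STRING, BEFORE and RDN, over a constructed list of group DNs. It assumes FILTER does a regular-expression match on each DN, that STRING joins the surviving values with the '^' separator the article's BEFORE(...,'^') call relies on, and that RDN returns the value of the first RDN component; the sample DNs and the helper names are hypothetical.

```python
import re

# Constructed sample of SM_USERGROUPS for one user (hypothetical DNs, not from the article).
SAMPLE_USERGROUPS = [
    "CN=Domain Users,CN=Users,DC=example,DC=com",
    "CN=Backup Operators,CN=Builtin,DC=example,DC=com",
    "CN=Backup Operators Admins,OU=Groups,DC=example,DC=com",
]

# Assumption: the multi-value separator that BEFORE(..., '^') in the article splits on.
SEPARATOR = "^"


def sm_filter(values, pattern):
    """Model of FILTER(set, <pattern>): keep the values matching the pattern (assumed regex)."""
    return [v for v in values if re.search(pattern, v)]


def sm_string(values):
    """Model of STRING(set): flatten a multi-valued attribute into one '^'-separated string."""
    return SEPARATOR.join(values)


def sm_before(text, sep):
    """Model of BEFORE(text, sep): everything before the first separator, or the whole text."""
    return text.split(sep, 1)[0]


def sm_rdn(dn):
    """Model of RDN(dn): the value of the first RDN, e.g. 'CN=Backup Operators,...' -> 'Backup Operators'."""
    if not dn:
        return ""
    # Split on the first comma that is not escaped inside an attribute value.
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    _, eq, value = first.partition("=")
    return value.strip() if eq else first.strip()


def group_for_application(usergroups, pattern):
    """The article's expression: RDN(BEFORE(STRING(FILTER(SM_USERGROUPS, <pattern>)), '^'))."""
    return sm_rdn(sm_before(sm_string(sm_filter(usergroups, pattern)), SEPARATOR))


if __name__ == "__main__":
    # Specific pattern: exactly the group the application expects.
    print(group_for_application(SAMPLE_USERGROUPS, r"^CN=Backup Operators,"))
    # Loose pattern: matches two groups, only the first match is sent.
    print(group_for_application(SAMPLE_USERGROUPS, r"Backup Operators"))
    # No match: the attribute value is empty.
    print(repr(group_for_application(SAMPLE_USERGROUPS, r"^CN=Server Operators,")))
```

The second call shows the caveat to keep in mind when choosing <pattern>: because only the first matching group survives BEFORE(...,'^'), a pattern that matches more than one group silently picks whichever group the directory lists first, so anchor the pattern to the exact group DN the application's role check depends on.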