Integration of user profile attributes into the SAML assertion

mlmoreno · April 13, 2026, 2:59pm

Hi,

Currently, delegated authentication has been tested and is working correctly (OPENIAM IDP). However, we have attempted to include additional user profile attributes, such as roles, in the SAML assertion without success.

We created several Groovy scripts without success. From the configured SAML Identity Provider, we defined the attribute to be returned with the following settings:

Property Name: role
Data Type: String
Property Type: Groovy Script
Property Value: /AM/SAMLROLES.groovy

Despite this configuration, the attribute is not being included in the SAML assertion. Could you please clarify the required steps or provide an example on how to correctly add user entitlements (roles or groups) to the SAML assertion so they can be consumed by the SP?

Kind Regards.

ameet_shah · April 14, 2026, 3:49pm

Hello @mlmoreno,

I can help with this. Can you please let me know which version of OpenIAM you are running?

Thanks,

Ameet

mlmoreno · April 15, 2026, 5:35am

hi @ameet_shah ,

My current version is 4.2.1.15.170253.

Thanks for your help.

Mauro.

Topic		Replies	Views
Provision custom attribute values to AD Identity Life Cycle Management	1	36	September 4, 2025
Attributes missing in different stages of user lifecycle Identity Life Cycle Management	3	40	October 8, 2025
Facing Issues with MSOLService Deprecation — Best Practice for Azure SSO with OpenIAM? SSO	30	385	October 10, 2025
Finding Users with Groovy Script in OpenIAM Knowledge Base	0	38	December 17, 2024
Edit Approver Association for Activiti Request Workflows & Access Request	2	36	September 1, 2025

Integration of user profile attributes into the SAML assertion

Related topics