Integration of user profile attributes into the SAML assertion

Hi,

Currently, delegated authentication has been tested and is working correctly (OPENIAM IDP). However, we have attempted to include additional user profile attributes, such as roles, in the SAML assertion without success.

We created several Groovy scripts without success. From the configured SAML Identity Provider, we defined the attribute to be returned with the following settings:

  • Property Name: role

  • Data Type: String

  • Property Type: Groovy Script

  • Property Value: /AM/SAMLROLES.groovy

Despite this configuration, the attribute is not being included in the SAML assertion. Could you please clarify the required steps or provide an example on how to correctly add user entitlements (roles or groups) to the SAML assertion so they can be consumed by the SP?

Kind Regards.

Hello @mlmoreno,

I can help with this. Can you please let me know which version of OpenIAM you are running?

Thanks,

Ameet

Hi @ameet_shah,

My current version is 4.2.1.15.170253.

Thanks for your help.

Mauro.

Hello @mlmoreno,

Please use the updated SAMLROLES.groovy script and follow the steps below. Also ensure that the remaining configuration remains consistent with the original setup.

Deployment Steps:

  • Navigate to Admin UI → Groovy Script Manager → /AM/ and update SAMLROLES.groovy with the latest script.

  • Perform a test SSO login and review the ESB logs. The log.info entry will indicate how many roles were retrieved.

  • If the role count is 0, verify that the test user has roles properly assigned.

SAMLROLES.groovy (2.6 KB)

Please let me know if you have any questions.

Ameet
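A quick way to confirm the third deployment step from the SP side, independent of the OpenIAM logs, is to take the SAMLResponse form field from the browser (HTTP-POST binding), base64-decode it, and list every Attribute in the assertion's AttributeStatement. The block below is an added example, not part of this thread and not OpenIAM's own code: it assumes nothing about OpenIAM internals and only relies on the SAML 2.0 assertion schema. The sample responses it builds are constructed, unsigned test data; the attribute names `role` and `email`, the issuer URL and the subject are made up for the demonstration. It deliberately skips signature validation, so use it only to diagnose what the IdP emits, never as SP-side trust logic.

```python
import base64
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by both the protocol wrapper and the assertion.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def decode_saml_response(saml_response_b64: str) -> ET.Element:
    """Decode the base64 SAMLResponse POST parameter into an XML root element.

    No signature or condition checks are performed here: this is a diagnostic
    helper for inspecting what the IdP put into the assertion, nothing more.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    return ET.fromstring(xml_bytes)


def extract_attributes(root: ET.Element) -> dict:
    """Return {attribute Name: [values]} for every saml:Attribute in the response.

    Attributes that appear more than once (e.g. one <Attribute> per role)
    are merged into a single list so the SP sees the full entitlement set.
    """
    attrs: dict = {}
    for attribute in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attribute.get("Name")
        values = [(v.text or "").strip() for v in attribute.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(name, []).extend(values)
    return attrs


def roles_from_response(saml_response_b64: str, attribute_name: str = "role") -> list:
    """Return the values of the entitlement attribute, or [] if the IdP omitted it.

    An empty list is exactly the symptom described in the thread: the SP gets a
    valid assertion, but no role/group attribute to authorise against.
    """
    root = decode_saml_response(saml_response_b64)
    return extract_attributes(root).get(attribute_name, [])


def make_sample_response(attributes: dict) -> str:
    """Build a minimal, UNSIGNED SAML 2.0 Response as base64 (constructed test data)."""
    attr_xml = ""
    if attributes:
        parts = []
        for name, values in attributes.items():
            vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
            parts.append(
                f'<saml:Attribute Name="{name}" '
                'NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">'
                f"{vals}</saml:Attribute>"
            )
        attr_xml = "<saml:AttributeStatement>" + "".join(parts) + "</saml:AttributeStatement>"
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        "<saml:Issuer>https://idp.example.com/openiam</saml:Issuer>"  # hypothetical issuer
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        "<saml:Issuer>https://idp.example.com/openiam</saml:Issuer>"
        "<saml:Subject><saml:NameID>testuser</saml:NameID></saml:Subject>"
        + attr_xml
        + "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


# Constructed samples: one where the Groovy mapping worked, one where it did not.
SAMPLE_WITH_ROLES = make_sample_response(
    {"role": ["admin", "auditor"], "email": ["testuser@example.com"]}
)
SAMPLE_NO_ATTRS = make_sample_response({})


if __name__ == "__main__":
    for label, sample in (("working", SAMPLE_WITH_ROLES), ("broken", SAMPLE_NO_ATTRS)):
        attrs = extract_attributes(decode_saml_response(sample))
        print(f"{label}: attributes={attrs} roles={roles_from_response(sample)}")
```

To run it against a real login, replace `SAMPLE_WITH_ROLES` with the SAMLResponse value captured from the browser's POST to the SP's assertion consumer URL; if `role` is missing from the printed dictionary, the mapping never produced the attribute, and if it is present but empty, the script ran but retrieved no roles for that user, which matches the "role count is 0" case in the steps above.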