It is trivial to do this, for any credential attribute, provided of course the attribute is in the user's cred to start off with. Enable the cred-viewer local application in ISVA at your SAML IDP, and inspect the credential to see what attributes are available. Next add this at the start of the IDP JS mapping rule used for SAML - to confirm that everything from the cred is in the STSUU that you start with when deciding what attributes to supply/filter from the cred into the SAML Assertion.
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.utilities);
IDMappingExtUtils.traceString("idp mapping rule called with stsuu: " + stsuu.toString());
Once you confirm iv-groups is available in the session credential, the rest is really fairly easy, since you can use the methods from the STSUniversalUser class (the Java class of the stsuu context variable) to retrieve group names and add them to the AttributeList which will be used to construct the AttributeStatement of the SAML Assertion.
------------------------------
Shane Weeden
IBM
------------------------------
Original Message:
Sent: Tue October 18, 2022 07:28 AM
From: Rakesh Vohra
Subject: Adding iv-groups contents as SAML attribute
Hello,
I see that a set of AZN related attributes gets added as attributes to the default SAML 2.0 message. This set does not contain a value for groups. Is there a configuration available to add it to the SAML response in ISVA 10.0.4? I have opened a support ticket for this too, but hoping I can get a response here too.
Thanks,
Rakesh
------------------------------
Rakesh Vohra
Great Falls VA
2405683495
------------------------------
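The group-copy step described in the reply above, as an added example that is not part of the original posts and is not IBM's code. It goes one step further than the reply by releasing only allowlisted groups to the service provider. Assumptions: the source attribute name (use whatever the stsuu trace shows), the target name `groups`, the allowlist, and the `getAttributeContainer().getAttributeValuesByName` / `addAttribute` calls, which should be confirmed against the STSUniversalUser Javadoc for your ISVA version; `fakeStsuu` is a constructed stand-in so the logic runs offline.

```javascript
// Added example. In the real mapping rule `stsuu` is supplied by ISVA and
// makeAttr is `new Attribute(name, type, values)`; the stand-ins below exist
// only so the logic can be run outside the appliance.
var GROUP_SOURCE = "iv-groups";  // assumption: replace with the name seen in the trace
var GROUP_TARGET = "groups";     // hypothetical SAML attribute name
var NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic";
var ALLOWED = ["app-admins", "app-users"];  // hypothetical allowlist for this SP

// Copy allowlisted, de-duplicated group names from the credential into a
// single multi-valued attribute. Returns the values that were released.
function addGroups(stsuu, makeAttr, allowed) {
  var raw = stsuu.getAttributeContainer().getAttributeValuesByName(GROUP_SOURCE);
  var out = [];
  for (var i = 0; raw != null && i < raw.length; i++) {
    var g = "" + raw[i];  // Java String -> JS string when running under Rhino
    if (allowed.indexOf(g) !== -1 && out.indexOf(g) === -1) {
      out.push(g);
    }
  }
  // Emit nothing rather than an empty attribute when no group qualifies.
  if (out.length > 0) {
    stsuu.addAttribute(makeAttr(GROUP_TARGET, NAME_FORMAT, out));
  }
  return out;
}

// Constructed stand-in exposing only the two stsuu calls used above.
function fakeStsuu(attrs) {
  var added = [];
  return {
    added: added,
    getAttributeContainer: function () {
      return {
        getAttributeValuesByName: function (n) { return n in attrs ? attrs[n] : null; }
      };
    },
    addAttribute: function (a) { added.push(a); }
  };
}
function plainAttr(name, type, values) {
  return { name: name, type: type, values: values };
}

// Constructed sample credential: one allowed group (twice) and one unrelated group.
function demo() {
  var stsuu = fakeStsuu({ "iv-groups": ["app-users", "hr-payroll", "app-users"] });
  addGroups(stsuu, plainAttr, ALLOWED);
  return stsuu.added;
}
console.log(JSON.stringify(demo()));
```

In the appliance only `addGroups` and the constants go into the rule, after the trace line; the unrelated group in the sample never reaches the assertion.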