We struck with scenario where we created custom attribute named “custom_familytype” in managed user object. We can utilize that attribute for IDM related operations using its “IDM property” name but when it comes to AM related operations like passing custom attribute in access token using token modification script it requires to utilize “AM attribute” name of that particular attribute and we couldn’t be able to find it.
So I need help to find corresponding am attribute name value for any custom attribute created through IDM in ForgeRock Identity Cloud.
Thanks in advance …!
what if I want to add this custom attribute “custom_familyname” in a SAML assertion? what would be the AM property for this attribute should I pass?
Thanks in advance!
If you are using journeys, you can read the value for ‘custom_familyname’ in a scripted node and set it as a session property called ‘familyName’.
Then in SAML assertion config, just map claim name to session property name. e.g. a claim called ‘family_name’ can be mapped to ‘familyName’ where ‘familyName’ is the session property.
By default, SAML attribute mapper will look for a user attribute called ‘familyName’. If it doesnt find it, it will look for a session property by the name ‘familyName’ and use that value for the claim.
You will have to whitelist ‘familyName’ as a session property for this approach.