I'm using SAML for login into my app, I would like to include the user groups in attributes in the login response assertion. I'm wondering if the login request should specify that the attribute is required, or if this is a configuration that needs to be done on the IDP in general, or in the IDP specifically for my service provider.
I've created Identify Provider in OpenAM and have my own APP Service Provider configured in OpenAM as remote SP as well, I've also created a user in OpenAM and assigned it to a group, however, I'm not seeing the group in the response assertion, even when I tried to map the value in OpenAM manually, the memberOf attribute always returned empty. Any information will be highly appreciated.
Shay