Script Attribute Provider

The Script Attribute value provider executes custom JavaScript procedures to compute attributes dynamically. This provider enables transformation logic, data enrichment, and complex attribute calculations based on multiple inputs, offering maximum flexibility for attribute generation.

The Script Attribute Provider runs a JavaScript procedure at assertion issuance time to produce attribute name/value pairs. This enables custom business logic, attribute transformation, conditional attribute inclusion, and integration patterns that other provider types cannot support.

Use Cases#

The Script attributes value provider enables custom attribute value generation logic and complex transformation scenarios.

Common use cases include:

  • Attribute Transformation: Transform or reformat attributes from other sources before including them in assertion, such as normalizing phone numbers or converting data formats
  • Conditional Attributes: Apply business logic to determine which attributes to include based on user attributes, authentication context, or service provider properties
  • Data Enrichment: Combine attributes from multiple sources to create derived attributes, such as calculating user tiers or generating display names from profile data
  • External API Integration: Call external services or APIs to retrieve real-time data that should be included in assertion
  • Complex Business Rules: Implement organization-specific logic for attribute generation that requires custom algorithms or decision trees

Getting Started#

To create a Script attributes value provider, sign in to the Admin UI and navigate to ProfilesSAML ProfileAttributesAttribute Value Providers. Select + New Attribute Value Provider, give the provider a unique identifier and choose the Script Attribute Provider type.

New Script Attribute Value Provider configuration in Admin UI
New attribute value provider for script in Admin UI. (Admin UI version: 10.6)

Configure the following settings:

  1. Account Manager — Optionally select an account manager if the script needs access to account data
  2. Bucket — Optionally select a bucket if the script needs to store or retrieve data
  3. Data Source — Optionally select a data source if the script needs to query external data repositories
  4. Webservice — Enable if the script needs to call external web services or REST APIs
  5. Procedure — Select or create a JavaScript procedure that generates the attributes
Configure Script Attributes Value Provider configuration in Admin UI
Configure attributes value provider for script in Admin UI. (Admin UI version: 10.6)

The procedure executes when assertions are issued and must return a map of key-value pairs representing the attributes to include.

Script Requirements#

The Script attributes value provider requires:

  • A JavaScript procedure configured under Scripting Guide
  • The procedure must return an object containing attribute names and values
  • Access to the authentication context and subject attributes within the script

Script attributes value providers can access authentication context, subject attributes, and other available data through the procedure context. The returned attributes depend entirely on the script implementation.

For more information on writing JavaScript procedures, see Scripting Guide

Was this helpful?