Skip to main content
Skip table of contents


This section provides practical, step-by-step instructions on how to perform specific tasks or address particular scenarios.

How to propagate OIDC SP scope to match with SAML IdP attributes

To ensure a seamless user experience in scenarios where OIDC and SAML are used, it may be necessary to align attribute expectations between the two protocols. This involves creating an attribute set with attributes that match those of the scope. Follow the step-by-step procedure below for more information.

  1. Create the attributes that will be included in both OIDC scope and SAML attributes.
    See Defining custom attributes

  2. Create a scope you want to use in OIDC:

    • Define it as OPENID type.

    • Enter a name and an optional description.

    • Select the attributes to be included in the scope.

    • Click on Save & Close.

  3. Create an attribute set:

    • Enter a name

    • Select the attributes included in the scope.

    • Click on Save & Close.

  4. Configure an OAuth Service Provider with the following properties:

    • Check “Propagate to attribute set”

    • Allow openid scope (OAUTH scope type)

    • Allow the scope created above.

  5. Configure a SAML Identity Provider with the following property:

    • Define “Attribute Consuming Services” with the attribute set created above.


  6. Test your configuration:

    • ⚠️ Note that exactly one scope of OPENID type must be present in the request for propagation to work.

    • Make an OIDC Authorization Request from the configured Service Provider. Build the authorization request with the necessary parameters. Make sure to include scopes: openid and the scope created and configured above.
      For example:

      &scope=openid myscope01

      TrustBuilder will use the attribute set that contains all of the attributes defined in the incoming OpenID scope and the least additional attributes.
      The SAML request to the IDP contains AttributeConsumingService attribute with an index defined on IDP configuration.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.