Can I get / How can I get the full user profile and roles from OpenAM after authentication?

My project authentication use OpenAM with Spring Security and SAML extension. It's work fine.

I implemented the SAMLUserDetailsService interface, get back the uid (user id) from OpenAM (nameid-format:unspecified).

It's ok too, but I need the user information (email, phone...) and roles from OpenAM. How can I do this from here ?

Solution

You can add more claims to the SAML assertion (the docs describe how to do this). Use something like Firefox SAML tracer to view the SAML assertions.

You could also query the users profile directly from OpenDJ using their uid.

An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Freshly configured OpenAm console hangs when attempted to login
Traefik Proxy update response cookies SameSite to None
Setting Client_Secret white fetching tokens using ForgeRock Javascript SDK
Authentication and getting attributes using componentspace SAML library with ForgeRock backend in .NET core
OpenAM tries to serve mixed content which is prohibited by browser
OpenAM ITfoxtec Saml2 invalid signature response?
OAuth2 authorization code flow: spring-security does not accept the issued access_token
Issue Building OpenAM from source
How to make OpenAM to return jwt-token with simple username and password authentication
Is it possible to authenticate against a Keycloak's Identity Provider (OpenAM) without using the Login screen?
Differences between SP initiated SSO and IDP initiated SSO
How to create a web policy agent in OpenAM given that the server URL has a not fully qualified hostname?
OpenAM: Web Policy Agent login to OpenAM fails
OpenAM auth chain that allows login for Administrative users only?
OpenAM - SAML, Auto federation and Self Service Password Reset
How To Configure openam SAML2 service provider to use NameID Format unspecified
OpenAM change url
Pingfederate kerberos authentication is authenticating any user from any domain
How OpenAM verify SAML response coming from IDP
OpenAM Relation between sign the SAML Response & Assertion
OpenAM SAML2 Transient Federation and Persistent Federation
OpenAM JEE Policy Agents 3.5 & 5.x
OpenAm how to redirect to template in callback (proceess method)
Passing RelayState between PingFederate(IDP) OpenAM (SP) with Sp-initiated sso
OpenAM, Not found error, then reload works
How to get header attributes in OpenAM?
Forgerock - Forgeops - util - building with RHEL?
OpenAM - Getting a Session attribute into an OpenID Connect claim
Configure nodejs as SP with passport-saml and OpenAM as IDP