2.4.4 User Attribute Retrieval and Transformation

The User Attribute Retrieval and Transformation feature enables you to retrieve an attribute from an external data source and transform it before sending it in an assertion. The data source can be any database, REST web service, or LDAP repositories. You can transform a user’s local attributes, LDAP attributes, Shared Secrets, and various profiles, such as Personal Profile and Employee Profile.

You can use virtual attributes to generate dynamic data at runtime from the current values of the user attributes. The transformed attribute values are not stored in any persistent data stores. They are in the memory as part of user’s session.


To perform complex user attribute transformations, you must have a basic understanding of JavaScript. To see sample JavaScripts with examples, see Sample JavaScripts with Examples.