Identity Cloud

Customize SAML v2.0 with plugins

AM includes several plugin points that let you extend SAML v2.0 functionality.

AM provides a scripting engine and template scripts for you to extend SAML v2.0 behavior by running scripts stored as configuration, rather than by updating code. Creating and modifying plugin scripts enables rapid development without the need to change or recompile core AM.

For information about creating scripts, refer to Auth scripting.

To view sample scripts, refer to Sample scripts.

You can use a sample script as a base for your own implementation, and configure AM for your custom implementation in the entity provider settings.

For information about configuration settings, refer to the Reference section.

The following table provides an overview of the SAML v2.0 plugin points.

Plugin Description

Customize the default IDP attribute mapper to specify which user attributes are included in an assertion.

Customize SAML responses and browser redirects.

SAML v2.0 scripting API

The following properties are common to all SAML v2.0 plugin scripts. See individual plugins for additional properties specific to the script type.

Show script properties

The entity ID for the hosted IDP.


The logger instance particular to the script type. The output log files will be prefixed by a static string denoting the script type. Always present.


The name of the realm that the user is authenticating to.

Copyright © 2010-2023 ForgeRock, all rights reserved.