We have converted xsjs services using @sap/xsjs compatibility layer as part of the migration process to CF environment from NEO.

At the NEO environment, with the help of SAML integration it was possible to get user attributes from our IDP (SAP Cloud Identity Authentication Service) inside the XSJS script. For instance, the code below included the groups assigned to the user.

$.session.samlAttribute.groups;

After integrating IDP to the CF, we were able to authenticate with the JWT and execute xsjs scripts via that user.

User is available when we execute $.session.getUsername().

However $.session.samlAttribute is EMPTY.

How can I access the assertion attributes coming from IDP like groups, login name, user id etc. ?