Cannot include Roles into Access Gateway Formfill policy

  • 7022282
  • 07-Nov-2017
  • 07-Nov-2017


Access Manager 4.3
Access Manager 4.4
Access Manager 4.2


When setting up Form Fill policies it is impossible to select "Roles" that were assigned by the IDP at login, as a value to inject into a Form field. By contrast, on an Identity Injection policy an administratir can select those same "Roles" to be a value for any Header or Query string that is required. Similarly, for an Authorization policy one can also reference "Roles" to base decisions upon whether or not to allow access.

A NAM environment had a production application that would have benefited greatly from the ability to inject the Roles into a Form field, but no option exists to include.


Use virtual attributes to read in the Roles, and inject the virtual attribute with formfill.


It may be related to the html form specs at, which has no indication regarding limits to what you can include in a field. Usually these fields are single entry fields but "Roles" often tend to be multi valued. If it is a multivalued attribute, one need to use the select tag in the form.