Cannot include Roles into Access Gateway Formfill policy

  • 7022282
  • 07-Nov-2017
  • 07-Nov-2017

Environment

Access Manager 4.3
Access Manager 4.4
Access Manager 4.2

Situation

When setting up Form Fill policies, it is impossible to select the "Roles" that were assigned by the IDP at login as a value to inject into a form field. By contrast, on an Identity Injection policy an administrator can select those same "Roles" as the value for any Header or Query string that is required. Similarly, an Authorization policy can reference "Roles" when deciding whether or not to allow access.

A NAM environment had a production application that would have benefited greatly from the ability to inject the Roles into a form field, but no option exists to include them.

Resolution

Use a virtual attribute to read in the Roles, then inject that virtual attribute with Form Fill.

Cause

It may be related to the HTML form specification at http://www.w3.org/TR/html4/interact/forms.html#h-17.4, which gives no indication of limits on what can be included in a field. Usually these fields are single-entry fields, but "Roles" often tend to be multivalued. If it is a multivalued attribute, one needs to use the select tag in the form.
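
One way to collapse multivalued Roles into a value that fits a single-entry form field, covering the virtual-attribute approach in the Resolution and the multivalue issue in the Cause. This is an added example, not code from the original article or from the product; the `main(P1)` entry point, the delimiter, the role-name pattern and the length cap are all assumptions.

```javascript
// Added example: flatten multivalued roles into one single-entry field value.
// Assumption: roles arrive as a string, an array of strings, or null.
var ROLE_PATTERN = /^[A-Za-z0-9_.:-]{1,64}$/; // constructed allow-list for role names
var DELIMITER = ',';                          // assumed separator the target form expects
var MAX_FIELD_LENGTH = 1024;                  // assumed upper bound for the field value

function flattenRoles(roles) {
  // Normalise: null/undefined -> [], single value -> one-element array.
  var list = roles == null ? [] : (Array.isArray(roles) ? roles : [roles]);
  var seen = Object.create(null);
  var unique = [];
  for (var i = 0; i < list.length; i++) {
    var role = String(list[i]).trim();
    if (role === '') continue;
    // Fail closed on anything outside the allow-list. The pattern excludes
    // the delimiter, so one role value can never be read as two downstream.
    if (!ROLE_PATTERN.test(role)) {
      throw new Error('Unexpected role value: ' + JSON.stringify(role));
    }
    if (!seen[role]) {
      seen[role] = true;
      unique.push(role);
    }
  }
  // Sort so the injected value is stable across logins.
  var value = unique.sort().join(DELIMITER);
  if (value.length > MAX_FIELD_LENGTH) {
    throw new Error('Flattened roles exceed the field length limit');
  }
  return value;
}

// Hypothetical entry point: the main(P1) signature is an assumption about
// how the virtual attribute script receives the Roles.
function main(P1) {
  return flattenRoles(P1);
}
```

The application behind the form still has to split the value on the same delimiter and should treat an empty string as "no roles".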