- New configuration option for web IdP endpoints (SAML & OAuth) allowing admin to enable attribute selection (in endpoint's config)
- consists from a list of attribute names which are subject to selection
- for each attribute there is additional flag controlling whether a single or multiple values should be selectable
- the above configuration is per-client and is optional
- UI with the active values selection is shown before the consent screen. Similar to the consent screen, the user can select (radio buttons group or checkboxes group) values for the attributes if has them.
- No saving of user choices.
- For the attributes which are subject of selection for the client, only the selected (active) values are sent. For attributes that are not configured as subject to active value selection, all values are sent.