Supporting additional SAML assertion attributes


in the role definition we can refer to the current authenticated user with

  • “${user_name}”

Can we access/quote other SAML assertion attributes?

The place where jwt claims are generated by the saml response is:

and it seems that other assertions are ignored.
Can someone confirm that observation?
And one additional question can we add one more jwt claim assertion mapping?

The use case is when multiple users per tenant are carrying the same assertion attribute and we want to map it to a tenant in kibana/opendistro.