• PhenixID Authentication Services version 4.0 or higher
• PhenixID Authentication Services configured with an OpenID Connect Provider

• Login to Configuration Manager
• Select Scenarios->OIDC->YOUR_OIDC_PROVIDER
• Click Execution flow
• Expand Token endpoint
• If the array data is in the session (which is the case when a SAML IdP is used for authentication), click add valve and add a PropertyFromSessionToItem valve. Source should be set to the name of the SAML multivalue attribute. Example:

• Place the valve after SessionLoadValve and before GenerateJWTTokenVavle, using drag-and-drop
• Add a new valve, PropertyJoinValve. Set the source to the same as above. Example:

• Place the valve after the previously added PropertyFromSessionToItem valve, using drag-and-drop
• Expand the GenerateJWTTokenVavle
• Add a new token attribute.
  name = same as above, for example groups
  value = {{item.same_as_above}}, for example {{item.groups}}
  type = array
  
  Example:

• Click Save
• Expand the PropertyJoinValve
• Click Advanced
• Copy the ID value

• Click on the top Advanced tab
• Click on the pen to the right of Pipe valves
• Search for the previously copied ID
• Make the following changes to the valve config:
  • Remove the dest parameter (whole row)
  • Change the separator value to \",\"
    

Example:

• Click Stage changes and Commit changes
• Select Scenarios->OIDC->YOUR_OIDC_PROVIDER
• Click Execution flow
• Expand Token endpoint
• Expand GenerateJWTTokenVavle
• Click Advanced
• Copy the ID value
• Click on the top Advanced tab
• Click on the pen to the right of Pipe valves
• Search for the previously copied ID
• Make the following changes to the valve config:
  • Locate the token attribute (in this example groups)
  • Change the value to [\"{{item.groups}}\"]   (change groups to match your property name)

Example:

• Click Stage changes and Commit changes