It seems to me that the features are not completely implemented in the Gateway, because the assertion "Extract Attributes for authenticated user" should deliver the role information, but it doesn't for the internal IdP. But here we are able to work with the restman, which brings no benefit. When we use groups to check for authorization with the internal IdP then we can not configure it via restman. For us the configuration via restman is essential, because we use the GW in the cloud and must setupable from scratch everytime. Is there any recommendation to solve that?