according to IM Techdocs, the information about user roles should be already available in SM as a Response attribute, like this:
SM_USER_APPLICATION_ROLES[:application id]: Returns a list of roles that are assigned to a user.
(see this link for additional details)
You may try to use this in place of the SOAP call
Let me know if this works
I know it and I use it for applications integrated via SPS passing it with the headers. Unfortunately it doesn't work if I put it in an OIDC provider as a claim :(