How to allow custom attributes in the SAML2 frontend?

[valpackett]

To implement group support between Rauthy (OIDC IdP) and Part-DB (SAML SP), I've added

attributes:
  group:
    openid: [groups]
    saml: [group]

to internal_attributes (and it works!.. well, one group is picked after all but still).

But it's getting filtered out when converted from internal attrs, so I've also had to hack _get_approved_attributes like so:

        for aconv in attrconvs:
            if aconv.name_format == name_format:
                all_attributes = {v: None for v in aconv._fro.values()}
                all_attributes['group'] = None # HACK
                attribute_filter = list(idp_policy.restrict(all_attributes, sp_entity_id).keys())
                break

I couldn't figure out where the filter comes from, it doesn't seem to be changeable from the yaml configs, or is it just not documented?