Hi, Hao.
I believe you need to edit this part of `asimba.xml` file and restart Tomcat:
```
<attributerelease class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory">
<policy id="asimba.releasepolicy.1" friendlyname="Default Attribute Release policy" enabled="true">
<attribute name="firstname" ></attribute>
<attribute name="lastname" ></attribute>
<attribute name="email" ></attribute>
<attribute name="role" ></attribute>
<attribute name="country" ></attribute> <!-- country is defined in <global ..> attribute section -->
<!-- when all available attributes can be released, use the wildcard "*" for name,
like:
<attribute name="*" ></attribute>
Asimba Baseline keeps the password in the same format as the attributes, so
allowing all attributes to be released, would expose the password as well!
-->
</policy>
</attributerelease>
```
...to make it look like this:
```
<attributerelease class="com.alfaariss.oa.engine.attribute.release.configuration.ConfigurationFactory">
<policy id="asimba.releasepolicy.1" friendlyname="Default Attribute Release policy" enabled="true">
<attribute name="firstname" ></attribute>
<attribute name="lastname" ></attribute>
<attribute name="email" ></attribute>
<attribute name="role" ></attribute>
<attribute name="country" ></attribute>
<attribute name="*" ></attribute> <!-- country is defined in <global ..> attribute section -->
<!-- when all available attributes can be released, use the wildcard "*" for name,
like:
<attribute name="*" ></attribute>
Asimba Baseline keeps the password in the same format as the attributes, so
allowing all attributes to be released, would expose the password as well!
-->
</policy>
</attributerelease>
```
Note the additional element `<attribute name="*" ></attribute>` in the second snippet. It instructs to pass all attributes Asimba will receive from IdPs to auth script. Then you can do whatever you want with them in the script, and additionally limit what is being sent to SPs by tweaking their TRs
You shouldn't need to do anything else to release your attributes. Please try this for now, and let me know when you'll have a working setup, then we can proceed to your last issue.