I have posted a discussion topic in the developers forum with my findings, as I have been searching for a solution to get attributes passed from IDP (originating from my LDAP server) to the SP in the SAML Response.
I have been able to get everything configured, except one item, and I don't see much information that will help me get past it, so I thought I would post here as well.
It appears that my Attribute Handler gets invoked AFTER the response has already been created and sent, thus my attributes are not in it until the next request.
I have verified this by debugging the SAML2AuthenticationHandler, and see that the Response gets committed before the Attribute Handler gets invoked.
Is there a way to change the order in which the Handlers get invoked? I have tried to change the order in the Picketlink-handlers.xml file and that did not seem to work.