diff --git a/spring-cloud-common-security-config/spring-cloud-common-security-config-web/src/main/java/org/springframework/cloud/common/security/support/CustomAuthoritiesOpaqueTokenIntrospector.java b/spring-cloud-common-security-config/spring-cloud-common-security-config-web/src/main/java/org/springframework/cloud/common/security/support/CustomAuthoritiesOpaqueTokenIntrospector.java
index 2d914ee09e..6025e21f8d 100644
--- a/spring-cloud-common-security-config/spring-cloud-common-security-config-web/src/main/java/org/springframework/cloud/common/security/support/CustomAuthoritiesOpaqueTokenIntrospector.java
+++ b/spring-cloud-common-security-config/spring-cloud-common-security-config-web/src/main/java/org/springframework/cloud/common/security/support/CustomAuthoritiesOpaqueTokenIntrospector.java
@@ -20,6 +20,7 @@
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.ArrayList;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -66,7 +67,16 @@ private Collection<GrantedAuthority> extractAuthorities(OAuth2AuthenticatedPrinc
 		final List<String> scopes = principal.getAttribute(OAuth2IntrospectionClaimNames.SCOPE);
 		final Set<String> scopesAsSet = new HashSet<>(scopes);
 		final Set<GrantedAuthority> authorities = this.authorityMapper.mapScopesToAuthorities(null, scopesAsSet, token);
-		final Set<GrantedAuthority> authorities2 = this.authorityMapper.mapClaimsToAuthorities(null, Arrays.asList("groups", "roles"));
+
+		List<String> roleClaims = principal.getAttribute("groups");
+		if (roleClaims == null) {
+			roleClaims = principal.getAttribute("roles");
+		}
+		if (roleClaims == null) {
+			roleClaims = new ArrayList<>();
+		}
+		
+		final Set<GrantedAuthority> authorities2 = this.authorityMapper.mapClaimsToAuthorities(null, roleClaims);
 		authorities.addAll(authorities2);
 		return authorities;
 	}