diff --git a/manifests/federation/openidc.pp b/manifests/federation/openidc.pp
index 80558280c..093f3b58f 100644
--- a/manifests/federation/openidc.pp
+++ b/manifests/federation/openidc.pp
@@ -59,6 +59,10 @@
 #  (Optional) Cache file clean interval in seconds (only triggered
 #  on writes). Defaults to undef.
 #
+# [*openidc_claim_delimiter*]
+#  (Optional) The delimiter to use when setting multi-valued claims.
+#  Defaults to undef.
+#
 # [*openidc_enable_oauth*]
 #  (Optional) Set to true to enable oauthsupport.
 #
@@ -110,6 +114,7 @@ class keystone::federation::openidc (
   $openidc_cache_shm_entry_size   = undef,
   $openidc_cache_dir              = undef,
   $openidc_cache_clean_interval   = undef,
+  $openidc_claim_delimiter        = undef,
   $openidc_enable_oauth           = false,
   $openidc_introspection_endpoint = undef,
   $memcached_servers              = undef,
diff --git a/spec/classes/keystone_federation_openidc_spec.rb b/spec/classes/keystone_federation_openidc_spec.rb
index c9d5e043f..5c847f035 100644
--- a/spec/classes/keystone_federation_openidc_spec.rb
+++ b/spec/classes/keystone_federation_openidc_spec.rb
@@ -149,5 +149,18 @@ describe 'keystone::federation::openidc' do
         expect(content).to match('OIDCRedisCacheServer "127.0.0.1"')
       end
     end
+
+    context 'with openidc_claim_delimiter attribute' do
+      before do
+        params.merge!({
+          :openidc_claim_delimiter => ';',
+        })
+      end
+
+      it 'should contain OIDC claim delimiter' do
+        content = get_param('concat::fragment', 'configure_openidc_keystone', 'content')
+        expect(content).to match('OIDCClaimDelimiter ";"')
+      end
+    end
   end
 end
diff --git a/templates/openidc.conf.erb b/templates/openidc.conf.erb
index a0d344323..de737b7e8 100644
--- a/templates/openidc.conf.erb
+++ b/templates/openidc.conf.erb
@@ -31,6 +31,9 @@
 <%- if scope['::keystone::federation::openidc::redis_password'] != nil -%>
   OIDCRedisCachecPassword scope['::keystone::federation::openidc::redis_password'] %>
 <%- end -%>
+<%- if scope['::keystone::federation::openidc::openidc_claim_delimiter'] != nil -%>
+  OIDCClaimDelimiter "<%= scope['::keystone::federation::openidc::openidc_claim_delimiter'] %>"
+<%- end -%>
 
   # The following directives are necessary to support websso from Horizon
   # (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)