diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml index 0fe6ba2b2537..5e08bc561774 100644 --- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml +++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/pom.xml @@ -213,6 +213,10 @@ org.wso2.carbon.identity.organization.management.core org.wso2.carbon.identity.organization.management.service + + org.wso2.carbon.identity.framework + org.wso2.carbon.identity.role.v2.mgt.core + @@ -286,6 +290,7 @@ org.wso2.carbon.identity.configuration.mgt.core; version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.configuration.mgt.core.exception; version="${carbon.identity.package.import.version.range}", org.wso2.carbon.identity.configuration.mgt.core.model; version="${carbon.identity.package.import.version.range}", + org.wso2.carbon.identity.role.v2.mgt.core; version="${carbon.identity.package.import.version.range}", !org.wso2.carbon.identity.application.authentication.framework.internal, org.wso2.carbon.identity.application.authentication.framework.*; diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.java new file mode 100644 index 000000000000..bd89c1f2f7f6 --- /dev/null 
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/approles/impl/AppAssociatedRolesResolverImpl.java 
@@ -0,0 +1,349 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.authentication.framework.handler.approles.impl;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang.StringUtils;
+import org.wso2.carbon.CarbonConstants;
+import org.wso2.carbon.identity.application.authentication.framework.exception.UserIdNotFoundException;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.ApplicationRolesResolver;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.exception.ApplicationRolesException;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.util.RoleResolverUtils;
+import org.wso2.carbon.identity.application.authentication.framework.internal.FrameworkServiceDataHolder;
+import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
+import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
+import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
+import org.wso2.carbon.identity.application.common.model.ClaimMapping;
+import org.wso2.carbon.identity.application.common.model.IdentityProvider;
+import org.wso2.carbon.identity.application.common.model.RoleV2;
+import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
+import org.wso2.carbon.identity.role.v2.mgt.core.exception.IdentityRoleManagementException;
+import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
+import org.wso2.carbon.user.api.UserStoreException;
+import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.user.core.NotImplementedException;
+import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
+import org.wso2.carbon.user.core.common.Group;
+import org.wso2.carbon.user.core.service.RealmService;
+import org.wso2.carbon.user.core.util.UserCoreUtil;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import static org.wso2.carbon.identity.application.authentication.framework.handler.approles.constant.AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_APP_ROLES;
+import static org.wso2.carbon.identity.application.authentication.framework.handler.approles.constant.AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_IDENTITY_PROVIDER;
+import static org.wso2.carbon.identity.application.authentication.framework.handler.approles.constant.AppRolesConstants.ErrorMessages.ERROR_CODE_RETRIEVING_LOCAL_USER_GROUPS;
+import static org.wso2.carbon.identity.application.authentication.framework.handler.approles.constant.AppRolesConstants.ErrorMessages.ERROR_CODE_USER_NULL;
+import static org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants.InternalRoleDomains.APPLICATION_DOMAIN;
+import static org.wso2.carbon.user.mgt.UserMgtConstants.INTERNAL_ROLE;
+
+/**
+ * Application associated roles resolver implementation.
+ */
+public class AppAssociatedRolesResolverImpl implements ApplicationRolesResolver {
+
+ @Override
+ public int getPriority() {
+
+ return 200;
+ }
+
+ @Override
+ public String[] getRoles(AuthenticatedUser authenticatedUser, String applicationId) throws
+ ApplicationRolesException {
+
+ if (authenticatedUser == null) {
+ throw RoleResolverUtils.handleClientException(ERROR_CODE_USER_NULL);
+ }
+ if (CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+ return new String[0];
+ }
+ if (authenticatedUser.isFederatedUser()) {
+ return getAppAssociatedRolesForFederatedUser(authenticatedUser, applicationId);
+ }
+ return getAppAssociatedRolesForLocalUser(authenticatedUser, applicationId);
+ }
+
+ /**
+ * Get app associated roles for local user for given app.
+ *
+ * @param authenticatedUser Authenticated user.
+ * @param applicationId Application ID.
+ * @return App associated roles for local user.
+ * @throws ApplicationRolesException If an error occurred while getting app associated roles for local user.
+ */
+ private String[] getAppAssociatedRolesForLocalUser(AuthenticatedUser authenticatedUser, String applicationId)
+ throws ApplicationRolesException {
+
+ Set userRoleIds = getAllRolesOfLocalUser(authenticatedUser);
+ List rolesAssociatedWithApp = getRolesAssociatedWithApplication(applicationId,
+ authenticatedUser.getTenantDomain());
+
+ return rolesAssociatedWithApp.stream()
+ .filter(role -> userRoleIds.contains(role.getId()))
+ .map(RoleV2::getName)
+ .toArray(String[]::new);
+ }
+
+ private String[] getAppAssociatedRolesForFederatedUser(AuthenticatedUser authenticatedUser, String applicationId)
+ throws ApplicationRolesException {
+
+ Set federatedUserRoleIds = getAllRolesOfFederatedUser(authenticatedUser);
+ List rolesAssociatedWithApp = getRolesAssociatedWithApplication(applicationId,
+ authenticatedUser.getTenantDomain());
+
+ return rolesAssociatedWithApp.stream()
+ .filter(role -> federatedUserRoleIds.contains(role.getId()))
+ .map(RoleV2::getName)
+ .toArray(String[]::new);
+ }
+
+ /**
+ * Get all roles of the local user.
+ *
+ * @param authenticatedUser Authenticated user.
+ * @return All the roles assigned to the local user.
+ * @throws ApplicationRolesException If an error occurred while getting all roles of a local user.
+ */
+ private Set getAllRolesOfLocalUser(AuthenticatedUser authenticatedUser)
+ throws ApplicationRolesException {
+
+ try {
+ List userGroups = getUserGroups(authenticatedUser);
+ List roleIdsFromUserGroups = getRoleIdsOfGroups(userGroups, authenticatedUser.getTenantDomain());
+ List roleIdsFromUser =
+ getRoleIdsOfUser(authenticatedUser.getUserId(), authenticatedUser.getTenantDomain());
+
+ return new HashSet<>(CollectionUtils.union(roleIdsFromUserGroups, roleIdsFromUser));
+ } catch (IdentityRoleManagementException | UserIdNotFoundException e) {
+ throw RoleResolverUtils.handleServerException(ERROR_CODE_RETRIEVING_APP_ROLES, e);
+ }
+ }
+
+ /**
+ * Get all roles of the federated user.
+ *
+ * @param authenticatedUser Authenticated user.
+ * @return All the roles assigned to the federated user.
+ * @throws ApplicationRolesException If an error occurred while getting all roles of a federated user.
+ */
+ private Set getAllRolesOfFederatedUser(AuthenticatedUser authenticatedUser)
+ throws ApplicationRolesException {
+
+ String tenantDomain = authenticatedUser.getTenantDomain();
+ List userIDPGroups = getFederatedUserIDPGroup(authenticatedUser);
+ if (CollectionUtils.isEmpty(userIDPGroups)) {
+ return Collections.emptySet();
+ }
+ List roleIdsFromIDPGroups = getRoleIdsOfIdpGroups(userIDPGroups, tenantDomain);
+ return new HashSet<>(roleIdsFromIDPGroups);
+ }
+
+ /**
+ * Get Role IDs assigned to user through groups.
+ *
+ * @param userGroups User groups.
+ * @param tenantDomain Tenant domain.
+ * @return Role IDs assigned to user through groups.
+ * @throws IdentityRoleManagementException If an error occurred while getting role IDs assigned through groups.
+ */
+ private List getRoleIdsOfGroups(List userGroups, String tenantDomain)
+ throws IdentityRoleManagementException {
+
+ return FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2()
+ .getRoleIdListOfGroups(userGroups, tenantDomain);
+ }
+
+ /**
+ * Get Role IDs assigned to user directly.
+ *
+ * @param userId User ID.
+ * @param tenantDomain Tenant domain.
+ * @return Role IDs assigned to user directly.
+ * @throws IdentityRoleManagementException If an error occurred while getting role IDs assigned directly.
+ */
+ private List getRoleIdsOfUser(String userId, String tenantDomain)
+ throws IdentityRoleManagementException {
+
+ return FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2()
+ .getRoleIdListOfUser(userId, tenantDomain);
+ }
+
+ /**
+ * Get roles associated with the application.
+ *
+ * @param applicationId Application ID.
+ * @param tenantDomain Tenant domain.
+ * @return Roles associated with the application.
+ * @throws ApplicationRolesException If an error occurred while getting roles associated with the application.
+ */
+ private List getRolesAssociatedWithApplication(String applicationId, String tenantDomain)
+ throws ApplicationRolesException {
+
+ try {
+ return FrameworkServiceDataHolder.getInstance().getApplicationManagementService()
+ .getAssociatedRolesOfApplication(applicationId, tenantDomain);
+ } catch (IdentityApplicationManagementException e) {
+ throw RoleResolverUtils.handleServerException(ERROR_CODE_RETRIEVING_APP_ROLES, e);
+ }
+ }
+
+ /**
+ * Get federated user IDP groups.
+ *
+ * @param authenticatedUser Authenticated user.
+ * @return Federated user IDP groups.
+ * @throws ApplicationRolesException If an error occurred while getting federated user IDP groups.
+ */
+ private List getFederatedUserIDPGroup(AuthenticatedUser authenticatedUser)
+ throws ApplicationRolesException {
+
+ String idpName = authenticatedUser.getFederatedIdPName();
+ String tenantDomain = authenticatedUser.getTenantDomain();
+ IdentityProvider federatedIdP;
+ try {
+ federatedIdP = FrameworkServiceDataHolder.getInstance().getIdentityProviderManager()
+ .getIdPByName(idpName, tenantDomain, true);
+ } catch (IdentityProviderManagementException e) {
+ throw RoleResolverUtils.handleServerException(
+ ERROR_CODE_RETRIEVING_IDENTITY_PROVIDER, e, idpName, tenantDomain);
+ }
+ if (federatedIdP != null) {
+ String idpGroupsClaimUri = Arrays.stream(federatedIdP.getClaimConfig().getClaimMappings())
+ .filter(claimMapping ->
+ FrameworkConstants.GROUPS_CLAIM.equals(claimMapping.getLocalClaim().getClaimUri()))
+ .map(claimMapping -> claimMapping.getRemoteClaim().getClaimUri())
+ .findFirst()
+ .orElse(null);
+
+ if (idpGroupsClaimUri != null) {
+ String[] idpGroups = getIdPUserGroups(authenticatedUser, idpGroupsClaimUri);
+ if (idpGroups != null && idpGroups.length > 0) {
+ return Arrays.asList(idpGroups);
+ }
+ }
+ }
+ return Collections.emptyList();
+ }
+
+ /**
+ * Get the groups of the local authenticated user.
+ *
+ * @param authenticatedUser Authenticated user.
+ * @return Groups of the local user.
+ * @throws ApplicationRolesException If an error occurred while getting groups of the local user.
+ */
+ private List getUserGroups(AuthenticatedUser authenticatedUser) throws ApplicationRolesException {
+
+ List userGroups = new ArrayList<>();
+
+ RealmService realmService = UserCoreUtil.getRealmService();
+ try {
+ int tenantId = IdentityTenantUtil.getTenantId(authenticatedUser.getTenantDomain());
+ UserStoreManager userStoreManager = realmService.getTenantUserRealm(tenantId).getUserStoreManager();
+ List groups = ((AbstractUserStoreManager) userStoreManager)
+ .getGroupListOfUser(authenticatedUser.getUserId(), null, null);
+ // Exclude internal and application groups from the list.
+ for (Group group : groups) {
+ String groupName = group.getGroupName();
+ if (!StringUtils.containsIgnoreCase(groupName, INTERNAL_ROLE) &&
+ !StringUtils.containsIgnoreCase(groupName, APPLICATION_DOMAIN)) {
+ userGroups.add(group.getGroupID());
+ }
+ }
+ } catch (UserIdNotFoundException e) {
+ throw RoleResolverUtils.handleServerException(ERROR_CODE_RETRIEVING_LOCAL_USER_GROUPS,
+ e);
+ } catch (UserStoreException e) {
+ if (isDoGetGroupListOfUserNotImplemented(e)) {
+ return userGroups;
+ }
+ throw RoleResolverUtils.handleServerException(ERROR_CODE_RETRIEVING_LOCAL_USER_GROUPS,
+ e);
+ }
+ return userGroups;
+ }
+
+ /**
+ * Check if the UserStoreException occurred due to the doGetGroupListOfUser method not being implemented.
+ *
+ * @param e UserStoreException.
+ * @return true if the UserStoreException was caused by the doGetGroupListOfUser method not being implemented,
+ * false otherwise.
+ */
+ private boolean isDoGetGroupListOfUserNotImplemented(UserStoreException e) {
+
+ Throwable cause = e.getCause();
+ while (cause != null) {
+ if (cause instanceof NotImplementedException) {
+ return true;
+ }
+ cause = cause.getCause();
+ }
+ return false;
+ }
+
+ /**
+ * Get the IdP groups of the federated authenticated user.
+ *
+ * @param authenticatedUser Authenticated federated user.
+ * @return IdP groups of the authenticated user.
+ */
+ private String[] getIdPUserGroups(AuthenticatedUser authenticatedUser, String idpAppRoleClaimUri) {
+
+ Map userAttributes = authenticatedUser.getUserAttributes();
+ for (Map.Entry entry : userAttributes.entrySet()) {
+ ClaimMapping claimMapping = entry.getKey();
+ if (idpAppRoleClaimUri.equals(claimMapping.getRemoteClaim().getClaimUri())) {
+ String idPGroupsClaim = entry.getValue();
+ if (StringUtils.isNotBlank(idPGroupsClaim)) {
+ return idPGroupsClaim.split(Pattern.quote(FrameworkUtils.getMultiAttributeSeparator()));
+ }
+ return null;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Get the role ids of idp groups.
+ *
+ * @param groups IDP Groups.
+ * @param tenantDomain Tenant domain.
+ * @return Role ids of idp groups.
+ * @throws ApplicationRolesException if an error occurs while retrieving role id list of idp groups.
+ */
+ private static List getRoleIdsOfIdpGroups(List groups, String tenantDomain)
+ throws ApplicationRolesException {
+
+ try {
+ return FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2()
+ .getRoleIdListOfIdpGroups(groups, tenantDomain);
+ } catch (IdentityRoleManagementException e) {
+ throw RoleResolverUtils.handleServerException(ERROR_CODE_RETRIEVING_APP_ROLES, e);
+ }
+ }
+}
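Review bot: `getUserGroups` excludes groups with `StringUtils.containsIgnoreCase(groupName, INTERNAL_ROLE)` and `containsIgnoreCase(groupName, APPLICATION_DOMAIN)`, a substring test on the whole group name rather than on its domain prefix, so any user-store group whose name merely contains one of those tokens is silently dropped from role resolution; comparing the extracted domain instead (`UserCoreUtil.extractDomainFromName(groupName)` with `equalsIgnoreCase`) limits the exclusion to the Internal and Application domains. In `getFederatedUserIDPGroup`, `federatedIdP.getClaimConfig().getClaimMappings()` is dereferenced with no null check, so an IdP without a claim configuration would presumably fail with a `NullPointerException` instead of falling through to `Collections.emptyList()`; extending the guard to `if (federatedIdP != null && federatedIdP.getClaimConfig() != null && federatedIdP.getClaimConfig().getClaimMappings() != null)` keeps the existing fall-through. `getAppAssociatedRolesForLocalUser` and `getAppAssociatedRolesForFederatedUser` differ only in the role-ID set they intersect with, so the stream could live in one private helper taking that set, and the federated variant is missing the Javadoc its local twin has. The Javadoc of `getIdPUserGroups` has no `@param` for `idpAppRoleClaimUri`, and that name says "app role" although the caller passes the IdP groups claim URI; `idpGroupsClaimUri` plus `@param idpGroupsClaimUri Remote claim URI mapped to the local groups claim.` would match what it does. `getRoleIdsOfIdpGroups` is the only `static` helper in the class; making it an instance method like the others keeps the style uniform.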
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/approles/util/RoleResolverUtils.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/approles/util/RoleResolverUtils.java
new file mode 100644
index 000000000000..d33fd72221ad
--- /dev/null
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/approles/util/RoleResolverUtils.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.identity.application.authentication.framework.handler.approles.util;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.constant.AppRolesConstants;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.exception.ApplicationRolesClientException;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.exception.ApplicationRolesServerException;
+
+/**
+ * Utility class for Roles Resolver.
+ */
+public class RoleResolverUtils {
+
+ /**
+ * Throw an ApplicationRolesServerException with the given error message.
+ *
+ * @param error The error enum.
+ * @param e The throwable.
+ * @param data The error message data.
+ * @return ApplicationRolesServerException.
+ */
+ public static ApplicationRolesServerException handleServerException(
+ AppRolesConstants.ErrorMessages error, Throwable e, String... data) {
+
+ String description = error.getDescription();
+ if (ArrayUtils.isNotEmpty(data)) {
+ description = String.format(description, data);
+ }
+ return new ApplicationRolesServerException(error.getMessage(), description, error.getCode(), e);
+ }
+
+ /**
+ * Throw an ApplicationRolesClientException with the given error message.
+ *
+ * @param error The error enum.
+ * @param data The error message data.
+ * @return ApplicationRolesClientException.
+ */
+ public static ApplicationRolesClientException handleClientException(
+ AppRolesConstants.ErrorMessages error, String... data) {
+
+ String description = error.getDescription();
+ if (ArrayUtils.isNotEmpty(data)) {
+ description = String.format(description, data);
+ }
+ return new ApplicationRolesClientException(error.getMessage(), description, error.getCode());
+ }
+}
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandler.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandler.java
index 314a5e58739e..26685f10a4dc 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandler.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandler.java
@@ -23,6 +23,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.identity.application.authentication.framework.ApplicationAuthenticator;
 import org.wso2.carbon.identity.application.authentication.framework.config.builder.FileBasedConfigurationBuilder;
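Review bot: The Javadoc on both helpers in RoleResolverUtils opens with "Throw an ApplicationRoles…Exception", but neither method throws anything: each builds the exception and returns it for the caller to throw, so the summaries should read `Build an ApplicationRolesServerException for the given error.` and `Build an ApplicationRolesClientException for the given error.`. The class holds only static members and has no private constructor; `private RoleResolverUtils() { }` stops it from being instantiated. `String.format(description, data)` assumes every description used with data is a valid format string with enough placeholders: extra `data` entries are ignored silently, while a description with more placeholders than arguments throws `MissingFormatArgumentException` from inside the error path, so a short `@implNote` stating that descriptions are `String.format` templates would help whoever adds the next `ErrorMessages` entry.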
@@ -217,6 +218,11 @@ protected Map handleFederatedClaims(Map remoteCl
 if (StringUtils.isNotBlank(applicationRoles)) {
 localUnfilteredClaims.put(FrameworkConstants.APP_ROLES_CLAIM, applicationRoles);
+ if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+ // Add app associated roles to roles claim in Role V2 runtime.
+ String rolesClaimURI = getLocalGroupsClaimURI();
+ localUnfilteredClaims.put(rolesClaimURI, applicationRoles);
+ }
 }
 // claim mapping from local service provider to remote service provider.
@@ -570,7 +576,14 @@ protected Map handleLocalClaims(String spStandardDialect,
 // Retrieve all non-null user claim values against local claim uris.
 allLocalClaims = retrieveAllNunNullUserClaimValues(authenticatedUser, claimManager, appConfig, userStore);
- handleApplicationRolesForLocalUser(stepConfig, context, allLocalClaims);
+ String applicationRoles = getApplicationRoles(authenticatedUser, context);
+
+ handleApplicationRolesForLocalUser(stepConfig, context, allLocalClaims, applicationRoles);
+
+ if (!CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME) {
+ // Handle app associated roles in roles claim in Role V2 runtime.
+ handleRoleAppAssoication(allLocalClaims, applicationRoles);
+ }
 // Insert the runtime claims from the context. The priority is for runtime claims.
 allLocalClaims.putAll(context.getRuntimeClaims());
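Review bot: The two new `ENABLE_LEGACY_AUTHZ_RUNTIME` branches treat the roles claim differently: in `handleFederatedClaims` the claim is written only when `applicationRoles` is non-blank and is never cleared, whereas `handleRoleAppAssoication` (called from `handleLocalClaims`) only overwrites an entry that is already present and writes `StringUtils.EMPTY` when no app roles resolve. If the V2 runtime intends the roles claim to carry nothing but app-associated roles, a federated user with no matching roles presumably keeps whatever the IdP claim mapping already placed under that URI, and a local user without a stored roles value never receives the app roles; either align the two paths or state the reason for the difference in a comment at each call site. In `handleLocalClaims`, `getApplicationRoles(authenticatedUser, context)` now runs before the `requestedAppRoleClaim` check that previously gated it, so resolver lookups happen on every local login even when the app-roles claim is not requested and the legacy runtime is active; resolving only when the claim is requested or the V2 branch will use the result avoids that extra work. Both `handleFederatedClaims` and `handleLocalClaims` begin and end outside these hunks.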
@@ -1098,6 +1111,22 @@ private boolean enableMergingCustomClaimMappingsWithDefaultMappings() {
 .isMergingCustomClaimMappingsWithDefaultClaimMappingsAllowed();
 }
+ /**
+ * Handle role app association in roles claim.
+ *
+ * @param appAssociatedRoles App associated roles.
+ * @param mappedAttrs Mapped claim attributes.
+ */
+ private void handleRoleAppAssoication(Map mappedAttrs, String appAssociatedRoles) {
+
+ // Getting roles claim URI by checking legacy config.
+ String rolesClaimURI = getLocalGroupsClaimURI();
+ if (mappedAttrs.containsKey(rolesClaimURI)) {
+ mappedAttrs.put(rolesClaimURI,
+ StringUtils.isEmpty(appAssociatedRoles) ? StringUtils.EMPTY : appAssociatedRoles);
+ }
+ }
+
 /**
 * Specially handle role claim values.
 *
@@ -1172,7 +1201,7 @@ protected String getApplicationRolesForFederatedUser(StepConfig stepConfig, Auth
 * @throws FrameworkException Exception on handling application roles for local user.
 */
 protected void handleApplicationRolesForLocalUser(StepConfig stepConfig, AuthenticationContext context,
- Map allLocalClaims)
+ Map allLocalClaims, String appAssociatedRoles)
 throws FrameworkException {
 AuthenticatedUser authenticatedUser = getAuthenticatedUser(stepConfig, context);
@@ -1183,9 +1212,8 @@ protected void handleApplicationRolesForLocalUser(StepConfig stepConfig, Authent
 String requestedAppRoleClaim = context.getSequenceConfig().getApplicationConfig()
 .getRequestedClaimMappings().get(FrameworkConstants.APP_ROLES_CLAIM);
 if (requestedAppRoleClaim != null) {
- String appRoles = getApplicationRoles(authenticatedUser, context);
- if (appRoles != null) {
- allLocalClaims.put(FrameworkConstants.APP_ROLES_CLAIM, appRoles);
+ if (appAssociatedRoles != null) {
+ allLocalClaims.put(FrameworkConstants.APP_ROLES_CLAIM, appAssociatedRoles);
 }
 }
 }
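Review bot: `handleRoleAppAssoication` is misspelled, and the call site in `handleLocalClaims` repeats the typo; renaming it to `handleRoleAppAssociation` is free now and a signature change later. Its Javadoc lists `@param appAssociatedRoles` before `@param mappedAttrs` although the parameters are declared in the opposite order, and the summary should say what the method actually does, e.g. `Replace the existing roles claim value in mappedAttrs with the app associated roles (empty string when none); no-op when the roles claim is absent.` Widening the `protected` `handleApplicationRolesForLocalUser` from three to four parameters changes an extension-visible signature: a subclass overriding the old form either stops compiling (`@Override`) or silently turns into an unused overload, so keeping a delegating three-argument overload that resolves the roles itself via `getApplicationRoles(authenticatedUser, context)` and calls the new form preserves that contract. Both `handleApplicationRolesForLocalUser` hunks show only part of the method.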
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java
index 2501e4ba2554..f72196147495 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceComponent.java
@@ -57,6 +57,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.dao.impl.LongWaitStatusDAOImpl;
 import org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException;
 import org.wso2.carbon.identity.application.authentication.framework.handler.approles.ApplicationRolesResolver;
+import org.wso2.carbon.identity.application.authentication.framework.handler.approles.impl.AppAssociatedRolesResolverImpl;
 import org.wso2.carbon.identity.application.authentication.framework.handler.claims.ClaimFilter;
 import org.wso2.carbon.identity.application.authentication.framework.handler.claims.impl.DefaultClaimFilter;
 import org.wso2.carbon.identity.application.authentication.framework.handler.provisioning.listener.JITProvisioningIdentityProviderMgtListener;
@@ -110,6 +111,7 @@
 import org.wso2.carbon.identity.multi.attribute.login.mgt.MultiAttributeLoginService;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManagementInitialize;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager;
 import org.wso2.carbon.idp.mgt.IdpManager;
 import org.wso2.carbon.idp.mgt.listener.IdentityProviderMgtListener;
@@ -212,6 +214,9 @@ protected void activate(ComponentContext ctxt) {
 new SessionExtenderResponseFactory(), null);
 bundleContext.registerService(IdentityProcessor.class.getName(), new SessionExtenderProcessor(), null);
+ bundleContext.registerService(ApplicationRolesResolver.class.getName(), new AppAssociatedRolesResolverImpl(),
+ null);
+
 ServerSessionManagementService serverSessionManagementService = new ServerSessionManagementServiceImpl();
 bundleContext.registerService(ServerSessionManagementService.class.getName(), serverSessionManagementService, null);
@@ -1048,4 +1053,22 @@ protected void unregisterConfigurationManager(ConfigurationManager configuration
 }
 FrameworkServiceDataHolder.getInstance().setConfigurationManager(null);
 }
+
+ @Reference(
+ name = "org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService",
+ service = org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService.class,
+ cardinality = ReferenceCardinality.MANDATORY,
+ policy = ReferencePolicy.DYNAMIC,
+ unbind = "unsetRoleManagementServiceV2")
+ protected void setRoleManagementServiceV2(RoleManagementService roleManagementService) {
+
+ FrameworkServiceDataHolder.getInstance().setRoleManagementServiceV2(roleManagementService);
+ log.debug("RoleManagementServiceV2 set in FrameworkServiceComponent bundle.");
+ }
+
+ protected void unsetRoleManagementServiceV2(RoleManagementService roleManagementService) {
+
+ FrameworkServiceDataHolder.getInstance().setRoleManagementServiceV2(null);
+ log.debug("RoleManagementServiceV2 unset in FrameworkServiceComponent bundle.");
+ }
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceDataHolder.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceDataHolder.java
index cb02177512c2..b53c2ce54cf3 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceDataHolder.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/internal/FrameworkServiceDataHolder.java
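Review bot: `unsetRoleManagementServiceV2` clears the holder unconditionally although the reference is declared `policy = ReferencePolicy.DYNAMIC`; with a dynamic policy the runtime may bind a replacement service before it unbinds the old one, in which case this unbind would null out the instance that was just set, so guard it with `if (FrameworkServiceDataHolder.getInstance().getRoleManagementServiceV2() == roleManagementService)` before calling `setRoleManagementServiceV2(null)`. `service = org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService.class` spells out a type this file already imports in the hunk above, so `service = RoleManagementService.class` reads the same as the method parameters. Neither method has Javadoc; a one-line `/** Binds the V2 {@link RoleManagementService} into the data holder. */` and its unbind counterpart would match the documented getter and setter added to the data holder below.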
@@ -53,6 +53,7 @@
 import org.wso2.carbon.identity.multi.attribute.login.mgt.MultiAttributeLoginService;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManagementInitialize;
 import org.wso2.carbon.identity.organization.management.service.OrganizationManager;
+import org.wso2.carbon.identity.role.v2.mgt.core.RoleManagementService;
 import org.wso2.carbon.identity.user.profile.mgt.association.federation.FederatedAssociationManager;
 import org.wso2.carbon.idp.mgt.IdpManager;
 import org.wso2.carbon.user.core.service.RealmService;
@@ -112,6 +113,7 @@ public class FrameworkServiceDataHolder {
 private boolean isAdaptiveAuthenticationAvailable = false;
 private boolean isOrganizationManagementEnable = false;
 private OrganizationManager organizationManager;
+ private RoleManagementService roleManagementServiceV2;
 private FrameworkServiceDataHolder() {
@@ -721,4 +723,24 @@ public ConfigurationManager getConfigurationManager() {
 return configurationManager;
 }
+
+ /**
+ * Get {@link RoleManagementService}.
+ *
+ * @return Instance of {@link RoleManagementService}.
+ */
+ public RoleManagementService getRoleManagementServiceV2() {
+
+ return roleManagementServiceV2;
+ }
+
+ /**
+ * Set {@link RoleManagementService}.
+ *
+ * @param roleManagementServiceV2 Instance of {@link RoleManagementService}.
+ */
+ public void setRoleManagementServiceV2(RoleManagementService roleManagementServiceV2) {
+
+ this.roleManagementServiceV2 = roleManagementServiceV2;
+ }
 }
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandlerTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandlerTest.java
index 6e523658a171..ec117177953d 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandlerTest.java
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/claims/impl/DefaultClaimHandlerTest.java
@@ -161,7 +161,8 @@ public void testHandleApplicationRolesForLocalUser() throws Exception {
 when(applicationRolesResolver.getRoles(eq(authenticatedUser), eq(applicationId))).thenReturn(
 mappedApplicationRoles);
- defaultClaimHandler.handleApplicationRolesForLocalUser(stepConfig, authenticationContext, localClaims);
+ defaultClaimHandler.handleApplicationRolesForLocalUser(stepConfig, authenticationContext, localClaims,
+ String.join(FrameworkUtils.getMultiAttributeSeparator(), mappedApplicationRoles));
 Assert.assertEquals(localClaims.get(FrameworkConstants.APP_ROLES_CLAIM),
 String.join(",", mappedApplicationRoles));
diff --git a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAcrTest.java b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAcrTest.java
index 2d37ab179834..faf2240fa86e 100644
--- a/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAcrTest.java
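Review bot: The stub `when(applicationRolesResolver.getRoles(eq(authenticatedUser), eq(applicationId))).thenReturn(mappedApplicationRoles)` appears to be dead in this test now that `handleApplicationRolesForLocalUser` receives the already-joined role string and no longer consults the resolver, so the resolver lookup that moved into `getApplicationRoles` and the new non-legacy overwrite of the roles claim are left without coverage; a test for each of those paths is the missing piece. The call joins with `FrameworkUtils.getMultiAttributeSeparator()` while the assertion joins with `","`, so the test only passes when the configured separator happens to be a comma; using the same expression on both sides makes the expectation explicit. `testHandleApplicationRolesForLocalUser` continues outside the hunk.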
+++ b/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/test/java/org/wso2/carbon/identity/application/authentication/framework/handler/sequence/impl/GraphBasedSequenceHandlerAcrTest.java
@@ -18,8 +18,10 @@
 package org.wso2.carbon.identity.application.authentication.framework.handler.sequence.impl;
+import org.testng.annotations.BeforeClass;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
+import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.SequenceConfig;
 import org.wso2.carbon.identity.application.authentication.framework.context.AuthHistory;
@@ -57,6 +59,12 @@
 @WithAxisConfiguration
 public class GraphBasedSequenceHandlerAcrTest extends GraphBasedSequenceHandlerAbstractTest {
+ @BeforeClass
+ public void setUpMocks() {
+
+ CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME = true;
+ }
+
 @Test(dataProvider = "staticAcrDataProvider")
 public void testHandleStaticJavascriptAcr(String spFileName, String[] acrArray, int authHistoryCount)
 throws Exception {
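Review bot: `setUpMocks` sets the static `CarbonConstants.ENABLE_LEGACY_AUTHZ_RUNTIME = true` and nothing restores it, so the flag stays flipped for every test class that runs later in the same JVM, including any that exercise the new non-legacy role-claim path added in this change; capture the previous value in the `@BeforeClass` and put it back in an `@AfterClass`. The method name also promises mocks it does not create; `enableLegacyAuthzRuntime` says what it does. `testHandleStaticJavascriptAcr` continues outside the hunk.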