I would like claims defined for service not for all serviced registred in CAS OIDC .Can i do it in json service file?
60 views
Skip to first unread message
artur mis
Feb 29, 2024, 11:49:28 AM2/29/24
to CAS Community
service like This:
{
"@class": "org.apereo.cas.services.OidcRegisteredService",
"clientId": "demoOIDC_wsl",
"clientSecret": "xxxxx",
"serviceId": "^(https|http)://localhost/.*",
"signIdToken": true,
"implicit": true,
"bypassApprovalPrompt": false,
"name": "Demo",
"id": 22,
"evaluationOrder": 100,
"encryptIdToken": false,
"scopes": [ "java.util.HashSet",[ "openid", "profile", "email" ]]
}
"@class": "org.apereo.cas.services.OidcRegisteredService",
"clientId": "demoOIDC_wsl",
"clientSecret": "xxxxx",
"serviceId": "^(https|http)://localhost/.*",
"signIdToken": true,
"implicit": true,
"bypassApprovalPrompt": false,
"name": "Demo",
"id": 22,
"evaluationOrder": 100,
"encryptIdToken": false,
"scopes": [ "java.util.HashSet",[ "openid", "profile", "email" ]]
}
I would like to define claims in service not like bellow in cas.propierties.
cas.authn.oidc.discovery.scopes=openid,email,profile
cas.authn.oidc.discovery.claims=displayName,mail
cas.authn.oidc.discovery.claims=displayName,mail
I have tested cas.propierties with commened lines:
cas.authn.oidc.discovery.scopes=openid,email,profile
cas.authn.oidc.discovery.claims=displayName,mail
cas.authn.oidc.discovery.claims=displayName,mail
and i add line : claims : ["displayName", "mail" ] to service but it seems it doesnt work.
Ray Bon
Feb 29, 2024, 7:08:29 PM2/29/24
to cas-...@apereo.org
artur,
Perhaps 'user-defined scopes' under https://apereo.github.io/cas/7.0.x/authentication/OIDC-Authentication-Claims-Mapping.html#mapping-claims-per-service
Ray
On Thu, 2024-02-29 at 08:39 -0800, artur mis wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
Reply all
Reply to author
Forward
0 new messages