Hi,
I would like to provide you with some further details regarding the log and the OIDC configuration:
I use Tomcat 11 with JDK 21, exposed on port 443.
The attributes from CAS are mapped as follows in cs.properties:
# Include claims in the tokens
cas.authn.oidc.id-token.include-id-token-claims=true
cas.authn.oidc.core.claims-map.email=mailRoutingAddress
cas.authn.oidc.core.claims-map.MemberOf=groupe
cas.authn.oidc.core.claims-map.firstname=givenName
cas.authn.oidc.core.claims-map.lastname=sn
cas.authn.oidc.core.claims-map.displayname=displayName
cas.authn.oidc.core.claims-map.compteactif=compteactif
cas.authn.oidc.core.claims-map.fonctionuser=fonctionlibelle
cas.authn.oidc.core.claims-map.secteuruser=secteurlibelle
cas.authn.oidc.core.claims-map.serviceuser=servicelibelle
cas.authn.oidc.core.claims-map.departementuser=departementlibelle
cas.authn.oidc.core.claims-map.directionuser=directionlibelle
cas.authn.oidc.core.claims-map.contrat=employeeType
cas.authn.oidc.discovery.claims=sub,uid,email,firstname,lastname,displayname,compteactif,fonctionuser,serviceuser,departementuser,directionuser,contrat,MemberOf
cas.authn.oidc.core.user-defined-scopes.organisation=fonctionuser,serviceuser,departementuser,directionuser
cas.authn.oidc.core.user-defined-scopes.profile=firstname,lastname,displayname,compteactif,contrat
cas.authn.oidc.core.user-defined-scopes.email=email
cas.authn.oidc.core.user-defined-scopes.memberofargos=MemberOf
cas.authn.oidc.core.user-defined-scopes.memberofedgar=MemberOf
cas.authn.oidc.core.user-defined-scopes.memberofsigport=MemberOf
cas.authn.oidc.discovery.scopes=openid,profile,email,organisation,memberofargos,memberofedgar,memberofsigport
And we can clearly see the released attributes in the log:
=============================================================
WHEN: 2026-02-24T14:28:30.878608180
WHO: audit:unknown
WHAT: {service=https://testoidc.example.net/cas/oidc/authorize, scope=[organisation, memberofedgar, openid, email, profile], attributes={departementuser=[Département infrastructures usages et postes de travail], fonctionuser=[Ingénieur systèmes et réseau], firstname=[Alain], directionuser=[Direction des systèmes d'information], contrat=[Permanent], MemberOf=[argos, edgar, supervision], displayname=[Alain DELOING], compteactif=[true], serviceuser=[Service infrastructures], email=[alain....@example.fr], lastname=[DELOING]}, id=adeloing, client_id=WwWNfRLCBStw1X3x0F7hYIm5m5z0UY}
ACTION: OAUTH2_USER_PROFILE_CREATED
CLIENT_IP: 192.168.1.111
SERVER_IP: 192.168.1.59
=============================================================
Attribute values containing special characters are displayed, like fonctionuser=[Ingénieur systèmes et réseau].
But after authentication, they are not displayed in my browser. I use a PHP index page to display the attributes with their values, like this:
<?php $attributes = getallheaders(); // all request headers as name => value ?>
<?php if (!empty($attributes)): ?>
<table>
<tr>
<th>Nom de l’attribut</th>
<th>Valeur(s)</th>
</tr>
<?php foreach ($attributes as $name => $values): ?>
<tr>
<td><?= htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?></td>
<td><?= htmlspecialchars($values) ?></td>
</tr>
<?php endforeach; ?>
</table>
<?php else: ?>
<p><em>Aucun attribut reçu.</em></p>
<?php endif; ?>
OIDC_CLAIM_directionuser :
OIDC_CLAIM_departementuser :
OIDC_CLAIM_serviceuser : Service infrastructures
OIDC_CLAIM_email : alain.del...@example.fr
OIDC_CLAIM_lastname : DELOING
OIDC_CLAIM_preferred_username : adeloing
Has anyone else encountered this issue?
I should point out that under SAML, accented values are displayed like this: fonction : Ingénieur systèmes et réseau
Regards
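
A diagnostic sketch for the display code above, added here as an example and not part of the original post: before PHP 8.1, `htmlspecialchars()` returns an empty string when its input is not valid UTF-8 unless `ENT_SUBSTITUTE` or `ENT_IGNORE` is set, which blanks only the values containing accents. It assumes the mbstring extension is loaded and that non-UTF-8 header bytes are ISO-8859-1, which the post does not confirm; `describe_header_value()` and the sample values are constructed for illustration.

```php
<?php
// Added example (not from the original post). Helper name is hypothetical.

/**
 * Describe one header value: raw length, UTF-8 validity, raw bytes in hex,
 * and an HTML-safe rendering that never collapses to an empty string.
 */
function describe_header_value(string $raw, string $fallback = 'ISO-8859-1'): array
{
    $validUtf8 = mb_check_encoding($raw, 'UTF-8');

    // Assumption: bytes that are not valid UTF-8 are encoded in $fallback.
    $utf8 = $validUtf8 ? $raw : mb_convert_encoding($raw, 'UTF-8', $fallback);

    return [
        'bytes'      => strlen($raw),
        'valid_utf8' => $validUtf8,
        'hex'        => bin2hex($raw),
        // ENT_SUBSTITUTE emits U+FFFD for invalid sequences instead of "".
        'html'       => htmlspecialchars($utf8, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    ];
}

// Constructed sample values standing in for getallheaders() output.
$samples = [
    'OIDC_CLAIM_serviceuser'     => 'Service infrastructures',                    // plain ASCII
    'OIDC_CLAIM_fonctionuser'    => "Ing\xE9nieur syst\xE8mes et r\xE9seau",      // Latin-1 bytes
    'OIDC_CLAIM_directionuser'   => "Direction des syst\xC3\xA8mes d'information", // UTF-8 bytes
    'OIDC_CLAIM_departementuser' => '',                                           // empty on arrival
];

foreach ($samples as $name => $raw) {
    $d = describe_header_value($raw);
    printf("%-28s bytes=%-3d utf8=%-3s html=%s\n",
        $name, $d['bytes'], $d['valid_utf8'] ? 'yes' : 'no', $d['html']);
    if (!$d['valid_utf8']) {
        // The hex dump shows which encoding actually arrived (e9 = Latin-1 "é").
        echo "  raw hex: {$d['hex']}\n";
    }
}
```

If `bytes` is 0 for an accented claim, the value was already empty when it reached PHP and the display code is not the cause; if `utf8=no`, the bytes arrived in another encoding and need converting before `htmlspecialchars()`.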