oidc attributes mapping, scope and IDtoken

Sandor Juhasz

Sep 1, 2017, 4:48:17 AM
to cas-...@apereo.org
Hello,

I would like to add some attributes to the ID token, but I am already lost
at mapping those.
I have two auth sources, one ldap and one jdbc.

I would like to have
uid
preferred_username -> email
name 
email
mail
id
in the token.

I have these in the config.

cas.properties:
cas.authn.ldap[0].principalAttributeList=uid,mail:email,mail,uidNumber:id,cn:displayName
cas.authn.jdbc.query[0].principalAttributeList=uid,email,mail,diplayName

cas.authn.attributeRepository.attributes.uid=uid
cas.authn.attributeRepository.attributes.displayName=displayName
cas.authn.attributeRepository.attributes.mail=mail
cas.authn.attributeRepository.attributes.email=email
cas.authn.attributeRepository.attributes.preferred_username=email

cas.authn.attributeRepository.merger=ADD

cas.authn.attributeRepository.defaultAttributesToRelease=email,mail,uid,id,displayName

cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope
cas.authn.oidc.userDefinedScopes.testScope=preferred_username,name,email,mail,uid,id

cas.authn.oidc.claimsMap.preferred_username=email


service.json:
"scopes": [ "java.util.HashSet", [ "openid", "testScope"]]


In the end I get a preferred_username in the ID token, but even that is wrong.




--
Sándor Juhász
System Administrator
ChemAxon Ltd.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031

Ray Bon

Sep 1, 2017, 2:06:02 PM
to cas-...@apereo.org
Sandor,

I also put the attributes in the service definition.

Ray
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 023 | rb...@uvic.ca
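
An added example, not part of either post and not CAS code: a small Python check that walks the properties posted in the first message and lists, for the claims in testScope and for defaultAttributesToRelease, which authentication sources never expose the attribute name they need. It assumes that a principalAttributeList entry written as source:alias exposes the alias and that claimsMap maps a claim name to a principal attribute name; the function names are illustrative.

```python
# Attribute-related lines copied from the posted cas.properties.
POSTED = """\
cas.authn.ldap[0].principalAttributeList=uid,mail:email,mail,uidNumber:id,cn:displayName
cas.authn.jdbc.query[0].principalAttributeList=uid,email,mail,diplayName
cas.authn.attributeRepository.defaultAttributesToRelease=email,mail,uid,id,displayName
cas.authn.oidc.userDefinedScopes.testScope=preferred_username,name,email,mail,uid,id
cas.authn.oidc.claimsMap.preferred_username=email
"""
SUFFIX = ".principalAttributeList"

def parse(text):
    """Read key=value lines into a dict, skipping blanks and comments."""
    lines = (ln for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (ln.split("=", 1) for ln in lines)}

def items(csv):
    return [x.strip() for x in csv.split(",") if x.strip()]

def sources(props):
    """Per auth source, the names it exposes (assumption: 'src:alias' exposes alias)."""
    return {k[:-len(SUFFIX)]: {i.split(":", 1)[-1] for i in items(v)}
            for k, v in props.items() if k.endswith(SUFFIX)}

def gaps(props, names):
    """Map each wanted attribute name to the sources that never expose it."""
    exposed, out = sources(props), {}
    for name in names:
        lacking = sorted(s for s, have in exposed.items() if name not in have)
        if lacking:
            out[name] = lacking
    return out

def scope_gaps(props, scope):
    """Resolve each claim of a user-defined scope through claimsMap, then check it."""
    claims = items(props["cas.authn.oidc.userDefinedScopes." + scope])
    attr_of = {c: props.get("cas.authn.oidc.claimsMap." + c, c) for c in claims}
    missing = gaps(props, attr_of.values())
    return {c: missing[a] for c, a in attr_of.items() if a in missing}

def release_gaps(props):
    """Same check for the names in defaultAttributesToRelease."""
    return gaps(props, items(props["cas.authn.attributeRepository.defaultAttributesToRelease"]))

if __name__ == "__main__":
    p = parse(POSTED)
    print("scope claims with no backing attribute:", scope_gaps(p, "testScope"))
    print("released names a source never exposes:", release_gaps(p))
```

On the posted properties it reports that neither source exposes an attribute called name, and that the JDBC list exposes neither id nor displayName (it lists diplayName).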