cas + oidc + id_token + custom claim/attribute and custom scope


Sandor Juhasz

Sep 5, 2017, 4:43:47 AM
to cas-...@apereo.org
Hello,

I have declared a custom scope 'testScope'
cas.authn.oidc.userDefinedScopes.testScope=preferred_username,email,uid,id,name,family_name,given_name
added it to the scopes
cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope
and am getting the error:
2017-09-05 08:32:12,281 WARN [org.apereo.cas.oidc.web.controllers.OidcAuthorizeEndpointController] - <Provided scopes [[testScope]] are undefined by OpenID Connect, which requires that scope [openid] MUST be specified, or the behavior is unspecified. CAS MAY allow this request to be processed for now.>
Don't know why, need help.

I have declared a custom claim for an ID, which is also a principal attribute on my auth sources and is listed in my custom scope.
Also in the list of default attributes to release:
cas.authn.attributeRepository.defaultAttributesToRelease=mail,uid,id,displayName,firstName,lastName
Added it to the claims list:
cas.authn.oidc.claims=sub,name,preferred_username,family_name, \
    given_name,middle_name,profile, \
    picture,nickname,website,zoneinfo,locale,updated_at,birthdate, \
    email,email_verified,phone_number,phone_number_verified,address, \
    id


I see 'id' in the userinfo_endpoint (profile), but I want to get it in the id_token with the rest.


--
Sándor Juhász
System Administrator
ChemAxon Ltd.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
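The setup above has three lists that must agree with each other (the custom scope's attribute list, cas.authn.oidc.scopes and cas.authn.oidc.claims) plus a fourth condition raised by the WARN in the log: the authorization request itself must ask for the openid scope. The script below is an added example, not CAS code and not something the poster wrote; it parses the properties exactly as quoted in the post (including the backslash line continuations), reports any custom scope that is not listed in cas.authn.oidc.scopes or that maps a claim absent from cas.authn.oidc.claims, checks a requested scope string for the missing-openid condition, and decodes a constructed id_token to list which claims of a custom scope did not make it into the token. The id_token, its payload values and its placeholder signature are constructed for the example; the decoder does not verify the signature and is only meant for inspecting which claims were released, so verify the RS256 signature against the provider's JWKS before trusting any claim in a real token.

```python
"""Consistency checks for a CAS OpenID Connect custom-scope / custom-claim configuration.

Added example (not CAS code). The properties below are the ones quoted in the
thread; the id_token is constructed here and carries a placeholder signature.
"""
import base64
import json

# Constructed sample: the thread's properties, with CAS-style "\" line continuations.
SAMPLE_PROPERTIES = """
cas.authn.oidc.userDefinedScopes.testScope=preferred_username,email,uid,id,name,family_name,given_name
cas.authn.oidc.scopes=openid,profile,email,address,phone,offline_access,testScope
cas.authn.attributeRepository.defaultAttributesToRelease=mail,uid,id,displayName,firstName,lastName
cas.authn.oidc.claims=sub,name,preferred_username,family_name, \\
    given_name,middle_name,profile, \\
    picture,nickname,website,zoneinfo,locale,updated_at,birthdate, \\
    email,email_verified,phone_number,phone_number_verified,address, \\
    id
"""

SCOPE_PREFIX = "cas.authn.oidc.userDefinedScopes."


def parse_cas_properties(text):
    """Parse key=value lines; a trailing backslash joins the next (stripped) line onto the value."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def split_csv(value):
    """Split a comma-separated property value, ignoring the whitespace continuations leave behind."""
    return [item.strip() for item in value.split(",") if item.strip()]


def check_custom_scopes(props):
    """A custom scope must appear in cas.authn.oidc.scopes and each claim it maps must be in cas.authn.oidc.claims."""
    findings = []
    scopes = set(split_csv(props.get("cas.authn.oidc.scopes", "")))
    claims = set(split_csv(props.get("cas.authn.oidc.claims", "")))
    for key, value in props.items():
        if not key.startswith(SCOPE_PREFIX):
            continue
        scope = key[len(SCOPE_PREFIX):]
        if scope not in scopes:
            findings.append(f"scope '{scope}' is defined but not listed in cas.authn.oidc.scopes")
        for claim in split_csv(value):
            if claim not in claims:
                findings.append(f"scope '{scope}' maps claim '{claim}' that is not in cas.authn.oidc.claims")
    return findings


def check_request_scopes(requested, props):
    """Mirror the WARN from the thread: 'openid' must be requested, and each requested scope must be configured."""
    findings = []
    scopes = set(split_csv(props.get("cas.authn.oidc.scopes", "")))
    asked = requested.split()
    if "openid" not in asked:
        findings.append("requested scopes omit 'openid'; an OIDC authorization request must include it")
    for scope in asked:
        if scope not in scopes:
            findings.append(f"requested scope '{scope}' is not configured in cas.authn.oidc.scopes")
    return findings


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def id_token_claims(token):
    """Decode the payload of a compact JWS id_token WITHOUT verifying its signature (inspection only)."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def missing_scope_claims(token, scope, props):
    """Claims the custom scope maps to that are absent from the id_token payload, in configured order."""
    present = set(id_token_claims(token))
    expected = split_csv(props.get(SCOPE_PREFIX + scope, ""))
    return [claim for claim in expected if claim not in present]


# Constructed token: a header, a payload missing 'uid' and 'id', and a placeholder (not real) signature.
SAMPLE_ID_TOKEN = ".".join([
    _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _b64url_encode(json.dumps({
        "sub": "alice", "preferred_username": "alice", "email": "alice@example.invalid",
        "name": "Alice Example", "family_name": "Example", "given_name": "Alice",
    }).encode()),
    "placeholder-signature",
])

if __name__ == "__main__":
    cfg = parse_cas_properties(SAMPLE_PROPERTIES)
    for line in check_custom_scopes(cfg) + check_request_scopes("testScope", cfg):
        print("finding:", line)
    print("claims of testScope missing from id_token:", missing_scope_claims(SAMPLE_ID_TOKEN, "testScope", cfg))
```

Run it as-is to see the findings for the thread's own properties; to check a real deployment, paste the relevant cas.properties lines into SAMPLE_PROPERTIES and the id_token your client received into SAMPLE_ID_TOKEN.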

Sandor Juhasz

Sep 5, 2017, 5:40:22 AM
to CAS Community
The id mapping is working, was a typo somewhere, but the WARN is driving me crazy.

Виктор Боровлёв

Feb 5, 2018, 7:08:24 AM
to CAS Community
For other people it could be a CAS bug. See CAS 5.3.0-RC-1 Feature Release -> https://apereo.github.io/2017/12/29/530rc1-release/

3. A series of small bug fixes to ensure claims and scopes are properly recognized and released via the OpenID Connect protocol.

On Tuesday, 5 September 2017, 16:40:22 UTC+7, Sandor Juhasz wrote: