CAS OIDC: Configure different scope with different claims


Devendra Sisodia

Apr 4, 2019, 10:52:01 AM
to cas-...@apereo.org
Hello all,

I have configured CAS 5.3.6 with the OpenID Connect protocol for authentication.
Issue 1:
Each scope should map to at least one claim. Right now it doesn't matter which scope is chosen; the same set of claims is always returned. Even if you provide no claims at all, it still works, but it should result in an error.

Issue 2: 
https://cas.example.org:8443/sso/oidc/.well-known/  => "id_token_signing_alg_values_supported":["none","RS256"],

The alg for signing the JWT returns both a valid value and "none". How do I avoid "none"?

cas.properties: 
#OIDC
cas.authn.oidc.scopes=openid,profile,email,roles
cas.authn.oidc.claims = sub,email,givenName,isImpersonating, impersonator, firstName, lastName, roles, name
cas.authn.oidc.userDefinedScopes.profile=isImpersonating, impersonator, firstName, lastName, roles
cas.authn.oidc.userDefinedScopes.email=email
cas.authn.oidc.userDefinedScopes.roles=roles
# Map predefined OIDC claims to our principal (user) attributes
cas.authn.oidc.claimsMap.givenName=firstName
cas.authn.oidc.claimsMap.lastName=lastName
cas.authn.oidc.claimsMap.mail=email
cas.authn.oidc.claimsMap.authorites=roles

--
Thanks & regards,
Devendra
Mobile: +49 1748437888
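As an added example (not part of the original post, and not CAS code), here is a small Python check over the configuration quoted above: it parses the properties lines, reports scopes that map to no claims and claims not reachable through any userDefinedScopes entry, and flags the "none" entry in the discovery document. It deliberately does not model the claim sets CAS itself attaches to the standard profile and email scopes, so treat its "not mapped" findings as a prompt to check those built-ins.

```python
import json

# Constructed copy of the cas.properties lines quoted in the post.
CAS_PROPERTIES = """
cas.authn.oidc.scopes=openid,profile,email,roles
cas.authn.oidc.claims = sub,email,givenName,isImpersonating, impersonator, firstName, lastName, roles, name
cas.authn.oidc.userDefinedScopes.profile=isImpersonating, impersonator, firstName, lastName, roles
cas.authn.oidc.userDefinedScopes.email=email
cas.authn.oidc.userDefinedScopes.roles=roles
"""
# Constructed discovery fragment matching the excerpt in the post.
DISCOVERY_JSON = '{"id_token_signing_alg_values_supported":["none","RS256"]}'

def parse_properties(text):
    """Parse key=value lines into trimmed, comma-split value lists."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = [v.strip() for v in value.split(",") if v.strip()]
    return props

def scope_claim_problems(props):
    """Issue 1: every scope other than openid must map to at least one claim,
    and every configured claim should be reachable via some userDefinedScopes entry."""
    prefix = "cas.authn.oidc.userDefinedScopes."
    scope_claims = {k[len(prefix):]: set(v) for k, v in props.items() if k.startswith(prefix)}
    problems = []
    covered = {"sub"}  # the openid scope always carries the subject identifier
    for scope in props.get("cas.authn.oidc.scopes", []):
        if scope == "openid":
            continue
        mapped = scope_claims.get(scope, set())
        if not mapped:
            problems.append(f"scope '{scope}' maps to no claims")
        covered |= mapped
    for claim in props.get("cas.authn.oidc.claims", []):
        if claim not in covered:
            problems.append(f"claim '{claim}' is not mapped by any userDefinedScopes entry")
    return problems

def insecure_id_token_algs(discovery_json):
    """Issue 2: list any 'none' entry (unsigned ID tokens) advertised by the provider;
    a relying party should refuse tokens whose header alg is not on its allow-list."""
    doc = json.loads(discovery_json)
    return [a for a in doc.get("id_token_signing_alg_values_supported", []) if a.lower() == "none"]
```

Run against the quoted configuration it reports givenName and name as unmapped by any userDefinedScopes entry and "none" as an advertised ID token algorithm.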