OpenID Attribute Questions

By: D S user 14 Sep 2016 at 9:21 a.m. CDT

1 Response
D S gravatar
Hello, I have a few questions about OpenID Connect that I hope you may be able to help me with please: - Does it matter if an attribute within an OpenID claim is set as 'true' to scim attribute? This won't impact being able to request to see the claims via userinfo endpoint? - Additionally, a claim attribute that is attached to the Client is attribute 'username' does this need to be set as 'attribute type: openid' will it cause issues? - Having issues requesting claims (viewing which attributes are in the claim) from userinfo endpoint, OpenID Connect JSON formatted address need to be added as a claim to every scope, is it required? - What is scopetype 'dynamic'? - I created the scope and attached it to a Client, however, I have since edited the attributes that are in the claim. Will these updates automatically be applied or do I need to remove/re-add the attributes? Thanx for your help
CentOS67
closed

Answers

By Aliaksandr Samuseu staff 14 Sep 2016 at 9:41 a.m. CDT

Copy
Aliaksandr Samuseu gravatar
Hi, D S. 1. No, it allows it to be used in SCIM flows 2. You need to declare all attributes you want be available in OIDC flows as such. 3. Not sure what your issue is, you'll need to diagnose a bit yourself, checking what appears in logs and whether your settings conform to official OIDC specs. If you'll find out that Gluu violates those specs, please provide us logs and captures that back up this suspicion, so we could analyze/reproduce them. Please check [this article](https://www.gluu.org/docs/gluu-defaults/logs/) for some clues on how to prepare it. 4. I'll check and get back to you with an answer to this 5. Can't answer this without knowing what those edit were. If you just changed some properties of attribute, you don't need to re-add it. If you removed it and created a new one with the same name - you need to re-add itt

Post an answer