By: Lukasz Golinski named 17 Aug 2022 at 5 a.m. CDT

6 Responses
Hello,

We are working on a solution which is FTN compliant. The FTN spec introduces custom claim names. Example: the urn:oid:2.5.4.4 claim refers to family_name. I would like to ask whether it is possible to configure claim name mapping, either at the RP level (client configuration) or at the scope level (dynamic scope script configuration?).

Example: a user requests scope "A", which is mapped to the "family_name" claim, but in the idToken we would like to receive the mapped claim name -> urn:oid:2.5.4.4

I would appreciate your input on that.

Best regards,
Lukasz Golinski

By Aliaksandr Samuseu staff 17 Aug 2022 at 9:30 a.m. CDT

Hi, Lukasz. Not sure I understood your use case correctly, but it seems like something that can already be done with a dynamic scope custom script. You can manipulate returned claims from there, remove them and add new ones at will. So you could make sure scope A is requested, then search for the "family_name" claim, extract its value, remove the claim, and add a new claim with this value called "urn:oid:2.5.4.4". Does it make sense?

By Lukasz Golinski named 17 Aug 2022 at 9:45 a.m. CDT

Hi Aliaksandr,

Yes. That does make sense. That was the approach I had in mind. Otherwise, is there an option to configure it per client rather than per scope? Example:

- client A requests scope A and receives the family_name claim
- client B requests scope A and receives the urn:oid:2.5.4.4 claim name instead.

Lukasz.

By Aliaksandr Samuseu staff 17 Aug 2022 at 2:49 p.m. CDT

The only thing that comes to mind is that you can extract the requesting client's id into a variable inside the dynamic scope script (at least it was possible before), then run some checks on it, only applying the transformations for a certain client.

By Aliaksandr Samuseu staff 17 Aug 2022 at 2:53 p.m. CDT

I have the following example code snippet saved, but I'm not sure what version it's from, so it may need to be adapted for the latest releases:

```
# dynamicScopeContext is the context object the dynamic scope script receives
authorizationGrant = dynamicScopeContext.getAuthorizationGrant()
client_id = authorizationGrant.getClientId()
client_name = authorizationGrant.getClient().getClientName()
```
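
The per-client rename discussed in this thread, modelled in plain Python as an added example (not code from the thread's participants or from Gluu). It calls no Gluu API: the claims are a plain dict, and the client ids, sample values and function name are constructed assumptions.

```python
# Added example: models the per-client claim rename on a plain dict.
# Nothing here calls the Gluu API; all ids and values are constructed.

# Renames per scope. Only the family_name mapping comes from the thread.
SCOPE_CLAIM_MAP = {
    "A": {"family_name": "urn:oid:2.5.4.4"},
}

# Clients that receive the mapped names (constructed id). The check uses the
# client id, not the display name, which can be edited and is not unique.
MAPPED_CLIENT_IDS = frozenset(["client-b-constructed-id"])


def remap_claims(client_id, granted_scopes, claims):
    """Return a new claims dict with renames applied for allowlisted clients.

    Clients not on the allowlist get the claims unchanged. A missing source
    claim is skipped. A rename never overwrites a claim already present under
    the target name, and never leaves both names in the result.
    """
    result = dict(claims)  # work on a copy so the caller's dict is untouched
    if client_id not in MAPPED_CLIENT_IDS:
        return result
    for scope in granted_scopes:
        for source, target in SCOPE_CLAIM_MAP.get(scope, {}).items():
            if source not in result:
                continue
            if target in result:
                raise ValueError("claim %r already present, not overwriting" % target)
            result[target] = result.pop(source)
    return result


if __name__ == "__main__":
    sample = {"sub": "user-1", "family_name": "Example"}  # constructed claims
    print(remap_claims("client-a-constructed-id", ["A"], sample))
    print(remap_claims("client-b-constructed-id", ["A"], sample))
```
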

By Aliaksandr Samuseu staff 24 Aug 2022 at 3:31 p.m. CDT

Hi, Lukasz. Were my last suggestions helpful? What other questions do you have?

By Lukasz Golinski named 30 Aug 2022 at 5:02 a.m. CDT

Thank you. Your suggestions were helpful. I am closing the ticket.