
Mandatory Claims in OAuth 2.0 with Identity Server 5.3.0



When logging in to the Playground2 sample with the Identity Server (as in the previous blog post, Getting Started with OAuth 2.0 using WSO2 Identity Server 5.3.0 and Playground2 Sample), the user was prompted for a few claim values again, even though those claims were already set in the logged-in user's profile.




This blog post describes the steps needed to stop this prompt from appearing every time a user logs in.


This happens because these two local claims (http://wso2.org/claims/organization and http://wso2.org/claims/givenname) are not mapped in the OIDC claim dialect, as described in https://docs.wso2.com/display/IS530/Adding+Claim+Mapping.


To map them, follow these steps.


Select 'List' under 'Claims' in the Main tab of the WSO2 Identity Server Management Console.


(Screenshot: 'Claims' > 'List' in the Management Console Main tab)

From there, select the OIDC claim dialect ('http://wso2.org/oidc/claim') in the list of claim dialects.


(Screenshot: list of claim dialects)


Next, select the OIDC claim to be mapped from the list. Since I want to map the 'given_name' claim, I select 'Edit' for that claim, as shown below.

(Screenshot: 'Edit' link for the 'given_name' claim in the OIDC dialect)

In the interface shown below, select 'http://wso2.org/claims/givenname' from the 'Mapped Local Claim' dropdown and click 'Update'.


(Screenshot: 'Mapped Local Claim' dropdown for the 'given_name' claim)

To add the 'Organization' claim, select 'Add' under 'Claims' in the Main tab of the WSO2 Identity Server Management Console.

(Screenshot: 'Claims' > 'Add' in the Management Console Main tab)

Next, select 'Add External Claim' from the given options.


(Screenshot: 'Add External Claim' option)


From here, in the 'Dialect URI' dropdown, select the dialect you want to add the claim to. I select 'http://wso2.org/oidc/claim', since that is the dialect we want to add the claim to.


Then enter the claim name as the 'External Claim URI' and select the local claim from the 'Mapped Local Claim' dropdown.

(Screenshot: 'Add External Claim' form with 'External Claim URI' and 'Mapped Local Claim')

After following these steps you can log in to Playground2 without being prompted for the mandatory claims.


As mentioned above, if a user claim configured in the service provider's claim configuration (to be released to the client app) is not also present in the OpenID Connect dialect, the Identity Server will ask the user to provide that claim after authentication. To avoid this, always make sure that every requested claim is mapped in the OIDC dialect to a claim in the Local Claim Dialect.
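A quick way to catch this misconfiguration before users hit the prompt is to compare the claims a service provider requests against the OIDC dialect mappings. The script below is an added example, not code from the blog post or from WSO2; the XML is a constructed sample that only mimics the Dialect/Claim/MappedLocalClaim layout of the Identity Server claim configuration, and the requested claim list is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <Dialect>/<Claim> layout of the WSO2 IS
# claim configuration; only the fields needed for this check are included.
# 'email' is mapped in the OIDC dialect, 'givenname' and 'organization' are not.
CLAIM_CONFIG = """<Claims>
  <Dialect dialectURI="http://wso2.org/claims">
    <Claim><ClaimURI>http://wso2.org/claims/givenname</ClaimURI></Claim>
    <Claim><ClaimURI>http://wso2.org/claims/organization</ClaimURI></Claim>
    <Claim><ClaimURI>http://wso2.org/claims/emailaddress</ClaimURI></Claim>
  </Dialect>
  <Dialect dialectURI="http://wso2.org/oidc/claim">
    <Claim>
      <ClaimURI>email</ClaimURI>
      <MappedLocalClaim>http://wso2.org/claims/emailaddress</MappedLocalClaim>
    </Claim>
  </Dialect>
</Claims>"""

OIDC_DIALECT = "http://wso2.org/oidc/claim"


def oidc_mappings(config_xml):
    """Return {local claim URI: OIDC claim name} for the OIDC dialect."""
    root = ET.fromstring(config_xml)
    mapping = {}
    for dialect in root.findall("Dialect"):
        if dialect.get("dialectURI") != OIDC_DIALECT:
            continue
        for claim in dialect.findall("Claim"):
            local = claim.findtext("MappedLocalClaim")
            external = claim.findtext("ClaimURI")
            if local and external:
                mapping[local] = external
    return mapping


def unmapped_requested_claims(config_xml, requested_local_claims):
    """Local claims requested by the service provider that have no OIDC
    mapping; each of these triggers the post-login prompt described above."""
    mapped = oidc_mappings(config_xml)
    return sorted(c for c in requested_local_claims if c not in mapped)


if __name__ == "__main__":
    # Assumed service-provider claim configuration (the Playground2 case).
    requested = ["http://wso2.org/claims/givenname",
                 "http://wso2.org/claims/organization",
                 "http://wso2.org/claims/emailaddress"]
    for claim in unmapped_requested_claims(CLAIM_CONFIG, requested):
        print("No OIDC mapping for", claim)
```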
