  1. OpenAM
  2. OPENAM-12181

REST STS OIDC multi value local attributes not transformed into Claims correctly

    Details

    • Sprint:
      AM Sustaining Sprint 46, AM Sustaining Sprint 47
    • Story Points:
      2
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Bug description

      When the REST STS creates a new OIDC token (output token), multi-value attributes in the Data Store (arrays, Strings with spaces) are not shown correctly when transformed to Claims in the JWT.

      How to reproduce the issue

      I don't think the input to the REST STS will matter, but I set up an OIDC > OIDC transformation for testing.

      1. Set up an AM instance with OIDC Authorization Service (token.example.com)
      2. Set up an AM instance with REST STS (sts.example.com)
      3. Configure the REST STS claim map to map attributes that either use an array (e.g. objectClass) or have spaces in them (e.g. first name as givenName)
      4. On sts.example.com, create an OIDC Bearer id_token module to validate the token created on token.example.com. Map the Claim sub to the uid attribute and ensure that a user profile exists (just use uid demo)
      5. Create an input token using token.example.com and then send this to the STS. Where the Data Store attributes were arrays or Strings with spaces, they will now be shown as one long String in the output token Claims.

      Expected behaviour
          "objectClass": [
              "a",
              "b"
          ],
          "givenName": "first name"
      
      Current behaviour
          "objectClass": "ab",
          "givenName": "firstname"
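
An added example, not part of the original report or of OpenAM's code: a check that decodes the STS output token's payload and flags mapped claims that have collapsed the way "Current behaviour" shows. It assumes the claim map is keyed by claim name with the attribute name as value; the sample profile and tokens are constructed, and the signature is not verified.

```python
import base64
import json

def jwt_claims(token):
    """Decode the payload segment of a compact JWT (content check only, no signature check)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def expected_claim(values):
    """One value stays a string (spaces intact); several values become an array."""
    return values[0] if len(values) == 1 else list(values)

def squash(value):
    """Join all values and drop whitespace: the shape shown under 'Current behaviour'."""
    parts = value if isinstance(value, list) else [value]
    return "".join("".join(str(p).split()) for p in parts)

def check_claims(token, claim_map, profile):
    """Compare each mapped claim with its profile attribute; return {claim: verdict}."""
    claims = jwt_claims(token)
    report = {}
    for claim, attribute in claim_map.items():
        want = expected_claim(profile[attribute])
        got = claims.get(claim)
        if got == want:
            report[claim] = "ok"
        elif isinstance(got, str) and got == squash(want):
            report[claim] = "collapsed"  # array or spaced string flattened
        else:
            report[claim] = "mismatch"
    return report

def make_token(claims):
    """Build a constructed JWT with a placeholder signature for the sample run."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(claims) + ".placeholder"

# Constructed sample data mirroring the values in the issue description.
CLAIM_MAP = {"objectClass": "objectClass", "givenName": "givenName"}  # assumed: claim -> attribute
PROFILE = {"objectClass": ["a", "b"], "givenName": ["first name"]}
BROKEN = make_token({"sub": "demo", "objectClass": "ab", "givenName": "firstname"})
FIXED = make_token({"sub": "demo", "objectClass": ["a", "b"], "givenName": "first name"})

if __name__ == "__main__":
    print("current: ", check_claims(BROKEN, CLAIM_MAP, PROFILE))
    print("expected:", check_claims(FIXED, CLAIM_MAP, PROFILE))
```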
      

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                aaron.haskins Aaron Haskins