Affects Version/s: 5.5.1
Component/s: OpenID Connect
Multi-valued LDAP attributes are not added to the OIDC id_token as expected. Only the first value for the attribute is added and the others are discarded.
1). Install AM 5.5.1
2). Edit an existing user with an LDAP browser and add the businessCategory attribute to the user. Its attribute type OID is 1.2.840.113518.104.22.168.3, which is the Directory String syntax type. Add multiple values to this attribute for testing purposes.
3). Edit the default 'OIDC Claims Script' and add businessCategory to this:
...and in the scopeClaimsMap here:
4). Create an OIDC OAuth2 client in AM named 'test'
5). Log out and send the following type of request via the browser to verify:
6). Note the following on the subsequent consent page; everything is as expected here:
7). Generate an id_token:
8). Check the resulting JWT and note that only the first value for businessCategory is present:
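To make step 8 repeatable, the following is an added verification check (not code from the report or from AM) that decodes an id_token payload and reports which of the expected LDAP values are missing from a claim. The tokens and the businessCategory values are constructed inline; the check only decodes the payload and does not verify the signature, so it is for inspecting tokens you already trust, not for validating them.

```python
import base64
import json

# Constructed sample of the multi-valued LDAP businessCategory attribute (not from the report).
LDAP_BUSINESS_CATEGORY = {"finance", "engineering", "sales"}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore the '=' padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_id_token(claims: dict) -> str:
    """Build a constructed alg=none id_token for offline testing of the claim layout only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def claim_values(id_token: str, claim: str) -> set:
    """Return a claim's values as a set, whether the claim is a string or a JSON array.

    Only the payload is decoded; the signature is NOT verified here.
    """
    payload = json.loads(_b64url_decode(id_token.split(".")[1]))
    value = payload.get(claim)
    if value is None:
        return set()
    if isinstance(value, list):
        return set(value)
    return {value}


def missing_claim_values(id_token: str, claim: str, expected: set) -> set:
    """Expected LDAP values that the id_token claim does not carry (empty set means all present)."""
    return set(expected) - claim_values(id_token, claim)


# Token shaped like the buggy output: only the first LDAP value survives as a plain string.
TRUNCATED_TOKEN = make_unsigned_id_token({"sub": "testuser", "businessCategory": "finance"})
# Token shaped like the expected output: every LDAP value is carried in a JSON array.
COMPLETE_TOKEN = make_unsigned_id_token(
    {"sub": "testuser", "businessCategory": sorted(LDAP_BUSINESS_CATEGORY)}
)
```

Running `missing_claim_values(TRUNCATED_TOKEN, "businessCategory", LDAP_BUSINESS_CATEGORY)` returns the two dropped values, while the same call on `COMPLETE_TOKEN` returns an empty set.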