[OPENAM-4459] OpenID Connect attribute mappings should be localizable
Created: 09/Sep/14  Updated: 15/Dec/15  Resolved: 22/Dec/14

Status: Resolved
Project: OpenAM
Component/s: OpenID Connect
Affects Version/s: 11.0.0
Fix Version/s: 13.0.0

Type: Improvement Priority: Major
Reporter: Jelle Verbraak [X] (Inactive) Assignee: James Phillpotts
Resolution: Fixed Votes: 1
Labels: 12.0.0-Backlog, AME, TESLA, release-notes
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File openid.png    
Sprint: Sprint 76 - Team Tesla
QA Assignee: Garyl Erickson

 Description   

The attribute mappings for OpenID Connect are currently hard-coded in the ScopeImpl.java class:

http://sources.forgerock.org/browse/openam/trunk/openam/openam-oauth2/src/main/java/org/forgerock/openam/oauth2/provider/impl/ScopeImpl.java?r=10426

scopeToUserUserProfileAttributes = new HashMap<String, Object>();
scopeToUserUserProfileAttributes.put("email","mail");
scopeToUserUserProfileAttributes.put("address", "postaladdress");
scopeToUserUserProfileAttributes.put("phone", "telephonenumber");

Map<String, Object> profileSet = new HashMap<String, Object>();
profileSet.put("name", "cn");
profileSet.put("given_name", "givenname");
profileSet.put("family_name", "sn");
profileSet.put("locale", "preferredlocale");
profileSet.put("zoneinfo", "preferredtimezone");

scopeToUserUserProfileAttributes.put("profile", profileSet);

It would be nice to have an OpenID attribute to local attribute mapper configuration field in the OpenID Connect service (OpenAM console).

Note that you need to configure your scopes in the OAuth 2.0 client agent profile according to the claim names instead of the local attribute names (I can't find these steps in the documentation).
For example, email instead of mail.

Maybe you can make a section in the documentation about this topic.
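
An added illustration of the request above, not code from OpenAM or from the reporter: the scope-to-claim and claim-to-attribute mappings are read from configuration entries instead of being hard-coded, and the userinfo result contains only claims covered by a granted scope. The class name, method names and the "key=value" entry format are assumptions.

```java
import java.util.*;
// Added illustration: class, method and entry format are hypothetical, not OpenAM's API.
public class ConfigurableClaimMapper {
    private final Map<String, List<String>> scopeToClaims = new HashMap<>();
    private final Map<String, String> claimToAttribute = new HashMap<>();

    // Assumed entry form "key=value", e.g. "profile=name given_name" and "name=cn".
    public ConfigurableClaimMapper(List<String> scopeConfig, List<String> claimConfig) {
        for (String entry : scopeConfig) {
            String[] kv = parse(entry);
            scopeToClaims.put(kv[0], Arrays.asList(kv[1].split("\\s+")));
        }
        for (String entry : claimConfig) {
            String[] kv = parse(entry);
            claimToAttribute.put(kv[0], kv[1]);
        }
    }

    // Rejects malformed entries so a typo cannot silently change what is released.
    private static String[] parse(String entry) {
        String[] kv = entry.split("=", 2);
        if (kv.length != 2 || kv[0].isBlank() || kv[1].isBlank()) {
            throw new IllegalArgumentException("Malformed mapping entry: " + entry);
        }
        return new String[] {kv[0].trim(), kv[1].trim()};
    }

    // Only claims reachable from a granted scope are returned; unknown scopes add nothing.
    public Map<String, String> userInfo(Set<String> grantedScopes, Map<String, String> profile) {
        Map<String, String> claims = new TreeMap<>();
        for (String scope : grantedScopes) {
            for (String claim : scopeToClaims.getOrDefault(scope, List.of())) {
                String attribute = claimToAttribute.get(claim);
                String value = attribute == null ? null : profile.get(attribute);
                if (value != null && !value.isEmpty()) claims.put(claim, value);
            }
        }
        return claims;
    }

    public static void main(String[] args) {
        ConfigurableClaimMapper mapper = new ConfigurableClaimMapper(
            List.of("email=email", "profile=name given_name family_name"),
            List.of("email=mail", "name=cn", "given_name=givenname", "family_name=sn"));
        Map<String, String> profile = Map.of( // constructed sample user
            "cn", "Ada Example", "sn", "Example", "mail", "ada@example.com");
        System.out.println(mapper.userInfo(Set.of("profile", "phone"), profile));
    }
}
```

In the sample run the mail attribute is not released because the email scope was not granted, and the phone scope releases nothing because it has no entry in the constructed configuration.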



 Comments   
Comment by Jelle Verbraak [X] (Inactive) [ 09/Sep/14 ]

Typo fixed in Description.

Comment by Jonathan Scudder [ 22/Oct/14 ]

@Sam: Consider this issue with Phill

Comment by Sam Drew [ 23/Oct/14 ]

This is currently implemented as a plugin point, rather than providing console based configuration options. It would be worth evaluating whether this needs to be a plugin, whether it should be configurable via the console, or some combination of the two.

Comment by James Phillpotts [ 22/Dec/14 ]

The oauth 2 provider now has configuration options for attribute mappings for the userinfo service.

Generated at Tue Oct 27 04:09:31 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.