User Attribute Mapping: Getting the roles from the idTokenClaims

I am having issues getting either an array or values from an idToken to be mapped when logging in using an Identity Provider.

The configuration is done in: Config / Security / Identity Providers / example_identity_provider - User Attribute Mapping

Taking the following example, what would the path look like to get the mapping to the user, admin roles (JSONPath: $.idTokenClaims.[example-of-roles][*])?

{
  "idTokenClaims": {
    "userInfo": {
      "https://exaple.io/jwt/claims": {
        "example-of-roles": [
          "user",
          "admin"
        ]
      }
    }
  }
}

I have been trying a lot of things; the roles have also been added identically to the default user provider which is used by the IdP.

The documentation does not make me much wiser (User Attribute Mapping - Ignition User Manual 8.1 - Ignition Documentation).

Kind Regards

I am assuming the JSON you posted is a snippet from the "Response Data" tab on the Test Login results page in the Gateway Config UI, tested against an external OIDC IdP (correct me if I am wrong).

If that's the case, then using a user attribute mapper of type direct, I would think this should work:

Source: ID Token Claims
Path: userInfo["https://exaple.io/jwt/claims"]["example-of-roles"]

Hi,

I had to give the path in this way:

["https://exaple.io/jwt/claims"]["example-of-roles"]

Without userInfo in front of it.

That solved it.

Kind Regards,
Nicky

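The two paths in this thread differ only in which object they are relative to. As an added example (not from the original posts, and not Ignition's own path evaluator), this Python helper takes a copy of the claims JSON and reports every object from which a given bracket-notation path resolves, so a mismatched root can be spotted before role mappings are relied on for authorization. The names `resolve` and `candidate_roots` are hypothetical, and the sample data is constructed from the snippet in the question.

```python
import re

# Constructed sample: the claims structure as posted in the thread.
RESPONSE_DATA = {
    "idTokenClaims": {
        "userInfo": {
            "https://exaple.io/jwt/claims": {"example-of-roles": ["user", "admin"]}
        }
    }
}

# One path step: ["quoted key"], [index], or a bare/dotted name.
STEP = re.compile(r'\["([^"]+)"\]|\[(\d+)\]|\.?([A-Za-z_][\w-]*)')


def resolve(root, path):
    """Follow path from root; return None if a step is missing."""
    node, pos = root, 0
    while pos < len(path):
        m = STEP.match(path, pos)
        if m is None:
            raise ValueError(f"cannot parse path at offset {pos}: {path[pos:]!r}")
        quoted, index, bare = m.groups()
        key = int(index) if index is not None else (quoted or bare)
        try:
            node = node[key]
        except (KeyError, IndexError, TypeError):
            return None
        pos = m.end()
    return node


def candidate_roots(doc, path, prefix="$"):
    """List (location, value) for every object in doc from which path resolves."""
    if not isinstance(doc, dict):
        return []
    hits = []
    value = resolve(doc, path)
    if value is not None:
        hits.append((prefix, value))
    for key, child in doc.items():
        hits.extend(candidate_roots(child, path, f'{prefix}["{key}"]'))
    return hits


if __name__ == "__main__":
    for p in ('userInfo["https://exaple.io/jwt/claims"]["example-of-roles"]',
              '["https://exaple.io/jwt/claims"]["example-of-roles"]'):
        print(p, "->", candidate_roots(RESPONSE_DATA, p))
```

A path that resolves from an unexpected location, or from none, means the mapper's source object is not the one shown in the pasted JSON.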