User Attribute Mapping: Getting the roles from the idTokenClaims

I am having issues getting either an array or values from an idToken to be mapped when logging in using an Identity Provider.

The configuration is done in: Config / Security / Identity Providers / example_identity_provider - User Attribute Mapping

Taking the following example, what would the path look like to get the mapping to the user, admin roles ( JSONPath: $.idTokenClaims.[example-of-roles][*] ).

{
  "idTokenClaims": {
  "userInfo": {
    "https://exaple.io/jwt/claims": {
      "example-of-roles": [
        "user",
        "admin"
      ]
    }
  }
 }
}

I have been trying a lot of things, the roles have also been added identically to the default user provider which is used by the idp.

The documentation does not make me much wiser (User Attribute Mapping - Ignition User Manual 8.1 - Ignition Documentation)

Kind Regards

I am assuming the json you posted is a snippet from the "Response Data" tab on the Test Login results page in the Gateway Config UI, tested against an external OIDC IdP (correct me if I am wrong).

If that's the case, then using a user attribute mapper of type direct, I would think this should work:

Source: ID Token Claims
Path: userInfo["https://exaple.io/jwt/claims"]["example-of-roles"]

Hi,

I had to give the path in this way:

["https://exaple.io/jwt/claims"]["example-of-roles"]

Without userInfo in front of it.

That solved it.

Kind Regards,
Nicky

1 Like