Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Conditional claim handling #1256

Closed
ruwanta opened this issue Jan 5, 2018 · 1 comment
Closed

Conditional claim handling #1256

ruwanta opened this issue Jan 5, 2018 · 1 comment
Assignees
@ruwanta
Labels
5.5.0 Complexity/Medium Resolution/Fixed Type/Improvement

Comments

@ruwanta
Copy link
Contributor

ruwanta commented Jan 5, 2018

Conditional Authentication needs to support claim handling.

  1. Allow read claims in javascript
  2. Add/Modify/Delete existing claims in Authentication Context
ayshsandu pushed a commit to ayshsandu/carbon-identity-framework that referenced this issue Feb 6, 2018
[WSO2 Release] [Jenkins wso2#1256] [Release 5.8.18] prepare release v…
375efef 
…5.8.18
ayshsandu pushed a commit to ayshsandu/carbon-identity-framework that referenced this issue Feb 6, 2018
[WSO2 Release] [Jenkins wso2#1256] [Release 5.8.18] prepare for next …
5b3c810 
…development iteration
@ruwanta ruwanta self-assigned this Feb 19, 2018
@ruwanta
Copy link
Contributor Author

ruwanta commented Feb 19, 2018

Documentation

Usually you will want to generate new claims or change a claim value after an existing authentication is successful.
E.g.
Generate the “Display Name” when you have “First Name” and “Last Name”
Generate “Age” when you have “Date Of Birth”

You are provided two array view of the claims

  • Array view with local claim URI
  • Array view with remote claim URI

Accessing a claim by local claim uri

var myClaimValueX = context.subject.claims.local['http://wso2.org/claims/<x>];

Accessing a claim by remote claim uri

var myClaimValueX = context.subject.claims.remote['http://some.domain.you/claims/<x>];

Adding a new claim to the claim set

var newClaim = {}
//Populate claim values, remote and local URI with valid value.
...
context.subject.claims.push(newClaim)

Example

Create the "Display Name" and attach it as a new claim, by using the first name and last name of the authenticated user.

function onInitialRequest (context) {
   executeStep({id :'1',
       on : {
           success : function(context) {
               Log.info('First Authentication success');
               var fName = context.subject.claims.local['http://wso2.org/claims/givenname'];
               var lName = context.subject.claims.local['http://wso2.org/claims/lastname'];
               var displayName = fName + ' '+ lName + ' by Javascript';
               var newClaim = {'local' : {}, 'remote': {}};
               newClaim.remote.uri = 'http://your.domain.some/claims/displayName';
               newClaim.local.uri = 'http://wso2.org/claims/displayName';
               newClaim.value = displayName;

               Log.info('Display Name: '+displayName);
               context.subject.claims.push(newClaim)
           }
       }
   });
}

@ruwanta ruwanta closed this as completed Feb 19, 2018
lakshani pushed a commit to lakshani/carbon-identity-framework that referenced this issue Dec 4, 2020
@vihanga-liyanage
Merge pull request wso2#1256 from somindatommy/fix_9425_5100
4247fbf 
Template configs for validating iat of JWT tokens
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ruwanta ruwanta

Labels
5.5.0 Complexity/Medium Resolution/Fixed Type/Improvement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ruwanta