
oidcext:AttributeInOIDCRequestedClaims

Scott Cantor edited this page Feb 22, 2021 · 16 revisions

Overview

The AttributeInOIDCRequestedClaims type is a matcher which returns attribute values after comparing them to the requested claims parameter of the OIDC authentication request. By default it filters out all attribute values that do not have a matching claim in the id token or user info section of the requested claims. An attribute is mapped to a requested claim by the name of the OIDC encoder attached to it. Note: if multiple OIDC encoders are defined for a single attribute, the attribute matches if any of the encoder names matches a requested claim.

Schema Type and Location

The type itself is defined within the org.geant.idpextension.oidc.attribute.filter, the schema for which can be located at https://github.com/CSCfi/shibboleth-idp-oidc-extension/blob/master/idp-oidc-extension-impl/src/main/resources/schema/idp-oidc-extension-afp.xsd. The reference project locates the schema from classpath:/schema/idp-oidc-extension-afp.xsd.

Attributes

  • matchIfRequestedClaimsSilent, of type string. If no requested claims set exists in the authentication request, none of the IdP attribute values are filtered out. The default value of the flag is false.

  • matchOnlyUserInfo, of type string. The matching claim has to exist in the user info section of the requested claims set. The default value of the flag is false.

  • matchOnlyIDToken, of type string. The matching claim has to exist in the id token section of the requested claims set. The default value of the flag is false.

  • onlyIfEssential, of type string. The matching claim has to be requested as an essential claim. The default value of the flag is false.

Example

The example below reads as "remove the values of the attribute if the claim is not requested as essential".

<Rule xsi:type="oidcext:AttributeInOIDCRequestedClaims" onlyIfEssential="true" />
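The following is an added example, not code from the shibboleth-idp-oidc-extension project: a small Python model of how the four flags described above decide whether an attribute's values are kept, given the parsed "claims" parameter of an OIDC authentication request (OpenID Connect Core 1.0, section 5.5). It also covers the rule in the example above (onlyIfEssential="true"). The function names, the sample claims request and the behaviour when matchOnlyUserInfo and matchOnlyIDToken are both set (the claim is then required in both sections) are assumptions made for illustration; the page does not specify that combination.

```python
# Added example, not the project's code: a model of the
# AttributeInOIDCRequestedClaims matcher semantics. Names and sample data
# are constructed for illustration.
from typing import Any, Dict, Iterable, List, Optional

# Constructed sample: the parsed "claims" request parameter of an OIDC
# authentication request. A null value means "requested, not essential";
# {"essential": true} marks an essential claim.
SAMPLE_CLAIMS: Dict[str, Dict[str, Any]] = {
    "userinfo": {"email": {"essential": True}, "name": None},
    "id_token": {"sub": None, "email_verified": {"essential": True}},
}


def _is_essential(spec: Any) -> bool:
    """A claim counts as essential only when requested as {"essential": true}."""
    return isinstance(spec, dict) and spec.get("essential") is True


def attribute_matches(
    requested_claims: Optional[Dict[str, Dict[str, Any]]],
    encoder_names: Iterable[str],
    *,
    match_if_requested_claims_silent: bool = False,
    match_only_user_info: bool = False,
    match_only_id_token: bool = False,
    only_if_essential: bool = False,
) -> bool:
    """Return True when the attribute's values should be kept.

    The attribute is linked to a requested claim through the name(s) of the
    OIDC encoder(s) attached to it; with several encoders, any one name
    matching a requested claim is enough.
    """
    if not requested_claims:
        # No claims parameter in the request: keep everything only when the
        # "silent" flag is set, otherwise nothing can match and all values
        # are filtered out.
        return match_if_requested_claims_silent

    def requested_in(section: str, name: str) -> bool:
        claims = requested_claims.get(section) or {}
        if name not in claims:
            return False
        # onlyIfEssential additionally requires the essential marker.
        return _is_essential(claims[name]) if only_if_essential else True

    for name in encoder_names:
        in_userinfo = requested_in("userinfo", name)
        in_id_token = requested_in("id_token", name)
        # Section restrictions: each flag that is set must be satisfied
        # (assumption: with both set, the claim must appear in both sections).
        if match_only_user_info and not in_userinfo:
            continue
        if match_only_id_token and not in_id_token:
            continue
        # Default behaviour: a match in either section is sufficient.
        if in_userinfo or in_id_token:
            return True
    return False


def filter_values(
    values: List[str],
    requested_claims: Optional[Dict[str, Dict[str, Any]]],
    encoder_names: Iterable[str],
    **flags: bool,
) -> List[str]:
    """Apply the matcher: the whole value set is either kept or dropped."""
    return list(values) if attribute_matches(requested_claims, encoder_names, **flags) else []


if __name__ == "__main__":
    # The page's example rule: keep the values only if the claim is essential.
    print(filter_values(["alice@example.org"], SAMPLE_CLAIMS, ["email"], only_if_essential=True))
    print(filter_values(["Alice"], SAMPLE_CLAIMS, ["name"], only_if_essential=True))
```

Because the matcher compares the attribute as a whole to the requested claims, it keeps or drops the entire value set; with the rule above, a non-essential request for "name" yields an empty list while an essential request for "email" keeps the value.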
