requesting specific claims from the OIDC provider

Liam Hoekenga liamr at umich.edu
Mon Oct 12 19:05:52 UTC 2020


Most of the time that I have added additional claims to our IDP (e.g.
"eduperson_principal_name"), I've also created custom scopes named after
the LDAP schemas (e.g. "eduperson") and tied the claim to that scope.

I'm trying to configure the release for an institutionally specific
attribute and we haven't really considered any scopes for institutional
claims (umich* attributes).

I'm trying to request claims using the claims parameter, and I don't seem
to be having much luck.
A previous thread suggests that it's possible:
https://marc.info/?l=shibboleth-users&m=159164654427455&w=2

I'm using mod_auth_openidc, and have tried both of these claim requests
(URL encoded of course):
{"id_token":{"email":null,"email_verified":null},"userinfo":{"email":null,"email_verified":null,"name":null}}

{"id_token":{"email":{"essential":true},"email_verified":{"essential":true}},"userinfo":{"email":{"essential":true},"email_verified":{"essential":true},"name":{"essential":true}}}

Any suggestions?

Liam
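
Added example, not part of the original message: a Python check that a claims request has the shape described in OpenID Connect Core 5.5, URL-query-encodes it, and decodes it back out of a captured authorization URL to confirm what the RP actually sent. The request is the second one quoted above; the host, client_id and function names are assumptions made for the example.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit

TARGETS = {"id_token", "userinfo"}  # top-level members defined in OIDC Core 5.5


def validate_claims_request(req):
    """Return a list of problems in a decoded claims request (empty if none)."""
    if not isinstance(req, dict):
        return ["claims request must be a JSON object"]
    problems = []
    for target, claims in req.items():
        if target not in TARGETS:
            problems.append(f"{target}: not a member defined by OIDC Core 5.5")
        elif not isinstance(claims, dict):
            problems.append(f"{target}: must be a JSON object")
        else:
            for name, spec in claims.items():
                # null requests the claim as voluntary; otherwise an object
                if spec is not None and not isinstance(spec, dict):
                    problems.append(f"{target}.{name}: must be null or an object")
                elif spec and not isinstance(spec.get("essential", False), bool):
                    problems.append(f"{target}.{name}: essential must be a boolean")
    return problems


def encode_claims_param(req):
    """Serialize compactly and URL-query-encode as 'claims=...'."""
    return urlencode({"claims": json.dumps(req, separators=(",", ":"))})


def claims_from_authz_url(url):
    """Decode the claims parameter from a captured authorization request URL."""
    values = parse_qs(urlsplit(url).query).get("claims")
    return json.loads(values[0]) if values else None


# The second request from the message above.
REQUEST = json.loads(
    '{"id_token":{"email":{"essential":true},"email_verified":{"essential":true}},'
    '"userinfo":{"email":{"essential":true},"email_verified":{"essential":true},'
    '"name":{"essential":true}}}'
)
# Constructed authorization URL; host and client_id are placeholders.
SAMPLE_URL = ("https://idp.example.org/authorize?response_type=code"
              "&client_id=example-client&scope=openid&" + encode_claims_param(REQUEST))

if __name__ == "__main__":
    print(encode_claims_param(REQUEST))
    print(validate_claims_request(claims_from_authz_url(SAMPLE_URL)))
```

Running claims_from_authz_url on the redirect URL seen in the browser or in the IdP access log shows whether the parameter reached the provider intact, for example when it is supplied through mod_auth_openidc's OIDCAuthRequestParams directive.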