WSO2 Carbon supports different claim dialects. A claim dialect can be thought of as a group of claims. A claim carries information from the underlying user store.
Claim attributes in user profile info page:
In WSO2 IS each piece of user attribute is mapped as a claim. If you visit the user profile page for a specific user (Configure --> Users and Roles --> Users --> User Profile), you can view the user profile data (see figure 1 below).
 |
| Figure 1 |
As you can see there are mandatory fields (eg: Profile Name), optional fields (eg: Country) and read only fields (eg: Role).
You can add a new user profile field to the above page. If you visit Claim Management list (in Configure --> Claim Management), there are set of default claim dialects listed in WSO2 IS. Among them http://wso2.org/claims is the default dialect for WSO2 Carbon. You can follow the steps below to add a new field to the user profile info page:
- Click on dialect http://wso2.org/claims . This will list down a set of claim attributes.
- Lets say you need to add attribute "Nick Name" to the user profile page.
- Click on attribute "Nick Name" and "Edit" . There are a set of fields you can edit. Some important features are:
- Supported by Default - This will add the attribute to the user profile page
- Required - This will make the attribute mandatory to fill when updating user profile
- Read-only - This will make the attribute read-only
- You can try actions listed above and add any attribute listed in the dialect (or add a new claim attribute using "Add new Claim Mapping" option)
One such dialect is http://wso2.org/oidc/claim which is defined for OpenID attribute exchange. Attributes defined in this dialect will be used when retrieving claims for user info requests (as I have described in my previous post on "Accessing WSO2 IS profile info with curl" ).
How to add a value to a claim defined in OpenID dialect?
(This mapping is currently valid for WSO2 IS 5.0.0 and will get changed in a later release)
You can follow the steps below when adding a value to a claim attribute in the OpenID dialect.
- Start WSO2 IS and login.
- Go to wso2 OpenID claim dialect. (http://wso2.org/oidc/claim)
- Find a claim attribute that you need to add a value to. (eg: Given Name)
- Go to User Profile page. This will not display an entry to add Given Name attribute.
- As I have described in the first section of this post add a new claim mapping to the default dialect for WSO2 Carbon (http://wso2.org/claims) with the name and the "Mapped Attribute (s)". (Eg: Add a new Claim with the following details: )
- Display Name : Given Name
- Claim Uri : given_name
- Mapped Attribute (s) : cn ----> add the same Mapped Attribute in you OpenID claim attribute
- Supported by Default : check
- Required : check
- Now you have a new claim attribute added to the default dialect for WSO2 Carbon
- If you visit the user profile page of a user you can add a value to the newly added attribute.
- If you retrieve user info as in "Accessing WSO2 IS profile info with curl" you can see the newly added value is retrieved in the format {<Claim Uri > : <given value>} eg: ({given_name : xxxxx})
This claim mapping operate as follows:
> When you add a value to a user profile field via the UI (eg: adding a value to "Full Name" will map the value with the mapping attribute "cn" of the claim).
> Hence if there is any other claim attribute in OpenID dialect http://wso2.org/oidc/claim that has the same mapping attribute "cn" then, this will also get the value added above.
> (Eg: say you have "Mapping Attribute"="cn" in the claim attribute "Full Name" in OpenID dialect http://wso2.org/oidc/claim), You can get the value you have entered in to the "Full Name" entry in the user profile.
Hey,
ReplyDeleteThanks for sharing such an amazing and informative post. Really enjoyed reading it :)
Thanks
Apu
Claims Management Services