WSO2 Carbon supports different claim dialects. A claim dialect can be thought of as a group of claims. A claim carries information from the underlying user store.
Claim attributes in user profile info page:
In WSO2 IS each user attribute is mapped to a claim. If you visit the user profile page for a specific user (Configure --> Users and Roles --> Users --> User Profile), you can view the user profile data (see figure 1 below).
Figure 1
As you can see there are mandatory fields (eg: Profile Name), optional fields (eg: Country) and read only fields (eg: Role).
You can add a new user profile field to the above page. If you visit the Claim Management list (in Configure --> Claim Management), there is a set of default claim dialects listed in WSO2 IS. Among them http://wso2.org/claims is the default dialect for WSO2 Carbon. You can follow the steps below to add a new field to the user profile info page:
- Click on the dialect http://wso2.org/claims . This lists the claim attributes defined in that dialect.
- Let's say you need to add the attribute "Nick Name" to the user profile page.
- Click on the attribute "Nick Name" and then "Edit". There is a set of fields you can edit. Some important ones are:
  - Supported by Default - This will add the attribute to the user profile page
  - Required - This will make the attribute mandatory to fill in when updating the user profile
  - Read-only - This will make the attribute read-only
- You can try the actions listed above and add any attribute listed in the dialect (or add a new claim attribute using the "Add new Claim Mapping" option)
One such dialect is http://wso2.org/oidc/claim which is defined for OpenID attribute exchange. Attributes defined in this dialect will be used when retrieving claims for user info requests (as I have described in my previous post on "Accessing WSO2 IS profile info with curl" ).
How to add a value to a claim defined in OpenID dialect?
(This mapping is currently valid for WSO2 IS 5.0.0 and will get changed in a later release)
You can follow the steps below when adding a value to a claim attribute in the OpenID dialect.
- Start WSO2 IS and log in.
- Go to the WSO2 OpenID claim dialect. (http://wso2.org/oidc/claim)
- Find a claim attribute that you need to add a value to. (eg: Given Name)
- Go to the User Profile page. This will not display an entry to add the Given Name attribute.
- As I have described in the first section of this post, add a new claim mapping to the default dialect for WSO2 Carbon (http://wso2.org/claims) with the name and the "Mapped Attribute (s)". (Eg: add a new claim with the following details:)
  - Display Name : Given Name
  - Claim Uri : given_name
  - Mapped Attribute (s) : cn ----> add the same Mapped Attribute in your OpenID claim attribute
  - Supported by Default : check
  - Required : check
- Now you have a new claim attribute added to the default dialect for WSO2 Carbon
- If you visit the user profile page of a user, you can add a value to the newly added attribute.
- If you retrieve user info as in "Accessing WSO2 IS profile info with curl", you can see the newly added value is retrieved in the format {<Claim Uri> : <given value>} eg: ({given_name : xxxxx})
This claim mapping operates as follows:
> When you add a value to a user profile field via the UI, the value is stored against the mapped attribute of that claim (eg: adding a value to "Full Name" maps the value to the mapped attribute "cn" of the claim).
> Hence, if any other claim attribute in the OpenID dialect http://wso2.org/oidc/claim has the same mapped attribute "cn", it will also get the value added above.
> (Eg: if the claim attribute "Full Name" in the OpenID dialect http://wso2.org/oidc/claim has "Mapped Attribute" = "cn", you can get the value you have entered into the "Full Name" entry in the user profile.)
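
The mapping behaviour described above, as an added example: a simplified Python model written for this page, not WSO2 code. The claim URIs `full_name` and `country` and the helper names are assumptions made for illustration; the dialect URIs, `given_name` and `cn` come from the post. It also lists which mapped attributes are shared by several claims, which is worth checking before releasing claims to a client.

```python
# Added illustration: a simplified model of claim mapping, not WSO2 code.
LOCAL = "http://wso2.org/claims"      # default Carbon dialect (from the post)
OIDC = "http://wso2.org/oidc/claim"   # OpenID dialect (from the post)

# dialect -> {claim URI: mapped user store attribute}. Constructed sample data;
# "full_name" and "country" are assumed URIs used only for this example.
DIALECTS = {
    LOCAL: {"given_name": "cn", "country": "country"},
    OIDC: {"given_name": "cn", "full_name": "cn", "country": "country"},
}


def set_profile_value(store, claim_uri, value):
    """Profile page write: store the value under the claim's mapped attribute."""
    store[DIALECTS[LOCAL][claim_uri]] = value


def userinfo(store):
    """User info read: return each OIDC claim whose mapped attribute has a value."""
    return {uri: store[attr] for uri, attr in DIALECTS[OIDC].items() if attr in store}


def shared_attributes(dialect):
    """Attributes mapped by more than one claim in a dialect -> sorted claim URIs."""
    by_attr = {}
    for uri, attr in dialect.items():
        by_attr.setdefault(attr, []).append(uri)
    return {attr: sorted(uris) for attr, uris in by_attr.items() if len(uris) > 1}


if __name__ == "__main__":
    store = {}  # stands in for one user's entry in the user store
    set_profile_value(store, "given_name", "Alice")
    print(userinfo(store))                    # both cn-backed claims carry the value
    print(shared_attributes(DIALECTS[OIDC]))  # attributes released under several claims
```

Because both OpenID claims read from `cn`, one profile edit changes every claim backed by that attribute.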