Define attribute release rules to release "campusId" attribute to be released if asked to be released for ID Token as essential claim. 1. Make sure "campusId" is not requested anymore by scope. | Code Block |
|---|
| nano +643 /etc/httpd/conf.d/auth_openidc.conf
OIDCScope "openid"
|
2. Modify RP to ask "campusId" as essential ID Token claim. | Code Block |
|---|
| nano +417 /etc/httpd/conf.d/auth_openidc.conf
OIDCAuthRequestParams claims=%7B%22id_token%22%3A%7B%22campus_id%22%3A+%7B%22essential%22%3A+true%7D%7D%7D
service httpd restart |
3. Add Remove or comment the campus scope filter rule and add a new filtering rule that will release "campusId" as a claim only if requested to be released as essential ID Token claim | Code Block |
|---|
| theme | RDark |
|---|
| title | Hints, Tips and Result |
|---|
| collapse | true |
|---|
| <AttributeFilterPolicy id="REQUESTED_CAMPUS_CLAIMS">
<PolicyRequirementRule xsi:type="ANY" />
<AttributeRule attributeID="campusId">
<PermitValueRule xsi:type="oidcext:AttributeInOIDCRequestedClaims" matchOnlyIDToken="true" onlyIfEssential="true" />
</AttributeRule>
</AttributeFilterPolicy> |
4. Authenticate the user and verify from the logs the attribute is released. At this point you should be able to do it without hints and tips.
|