Configuring claims for an identity provider involves mapping the claims available in the identity provider to claims that are local to the WSO2 Identity Server. See the Identity Server Architecture topic for more information on how claim mapping fits into the identity provider scenario.
In the Claim Configuration form, there are two sub-forms.
- Basic claim configuration - This involves a straightforward mapping of the claim that is used on the identity provider side with the claims local to the Identity Server.
- Advanced claim configuration - This involves more advanced mapping, where the mapped claims can have specific default values.
To view these, expand the Claim Configuration form.
Configuring basic claims
Select the claim mapping dialect by either choosing to use a local claim dialect (i.e., a claim dialect local to the Identity Server) or defining your own custom claim dialect (i.e., a claim dialect which exists in the identity provider and must be mapped to the Identity Server).
- If you choose to Use Local Claim Dialect, select the claim you require from the User ID Claim URI dropdown which includes a list of all the claims defined in the Identity Server.
- If you choose to Define Custom Claim Dialect, do the following.
  - Click the Add Claim Mapping button under Identity Provider Claim URIs. Clicking this button again enables you to add more claim mappings.
  - Map the value of the corresponding claim in the identity provider to the claim in the Identity Server. Click the Delete button to remove the claim mapping.
  - Select the User ID Claim URI from the dropdown, which includes the list of identity provider claims you defined. This claim is used to uniquely identify the user by the identity provider.
  - Select the Role ID Claim URI from the dropdown, which includes the list of identity provider claims you defined. This claim is used to identify the role of the user by the identity provider.
Configuring advanced claims
You can make advanced claim configurations based on the basic configurations you have made.
- If you chose to Use Local Claim Dialect in the Basic Claim Configuration, do the following.
  - For the Provisioning Claim Filter, select the claims which exist in the Identity Server from the dropdown list and click Add Claim. Clicking this button again will add a new entry.
  - Enter a Default Value for your claim. This is the default value used when provisioning this claim, and it will be used in all instances of this field, e.g., if all users are from one organization, you can specify the name of the organization as the default value. Clicking the Delete button will remove this advanced claim.
- If you chose to Define Custom Claim Dialect in the Basic Claim Configuration, do the following.
  - Select the Identity Provider Claim URI you defined from the dropdown list and click Add Claim. Clicking this button again will add a new entry.
  - Enter a Default Value for your claim. This is the default value used when provisioning this claim, and it will be used in all instances of this field, e.g., if all users are from one organization, you can specify the name of the organization as the default value. Clicking the Delete button will remove this advanced claim.
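The following is an added example, not WSO2 Identity Server code: a simplified model of how a custom claim dialect, the User ID and Role ID Claim URIs, and a provisioning default value combine when claims arrive from an identity provider. The identity provider claim URIs, the sample values, the comma-separated role format, and the rule that a default applies only when the claim was not received are assumptions made for illustration.

```python
# Simplified model of identity provider claim mapping (not WSO2 Identity Server code).
# All URIs and values below are constructed sample data.

LOCAL = "http://wso2.org/claims/"
IDP = "http://idp.example.com/claims/"  # hypothetical custom claim dialect

# Basic claim configuration: identity provider claim URI -> local claim URI
CLAIM_MAPPINGS = {
    IDP + "mail": LOCAL + "emailaddress",
    IDP + "groups": LOCAL + "role",
    IDP + "company": LOCAL + "organization",
}
USER_ID_CLAIM_URI = IDP + "mail"
ROLE_ID_CLAIM_URI = IDP + "groups"

# Advanced claim configuration: identity provider claim URI -> default value
PROVISIONING_DEFAULTS = {IDP + "company": "Example Org"}


def map_claims(idp_claims):
    """Return (user_id, roles, local_claims) for one set of received claims."""
    user_id = idp_claims.get(USER_ID_CLAIM_URI)
    if not user_id:
        # Without the User ID claim the user cannot be identified: fail closed.
        raise ValueError("missing User ID claim " + USER_ID_CLAIM_URI)

    local_claims = {}
    for idp_uri, local_uri in CLAIM_MAPPINGS.items():
        value = idp_claims.get(idp_uri)
        if value is None:
            # Assumption: the default applies when the claim was not received.
            value = PROVISIONING_DEFAULTS.get(idp_uri)
        if value is not None:
            local_claims[local_uri] = value

    # In this model, claims with no mapping are never copied, so only the
    # attributes the administrator mapped can reach the local user profile.
    # Assumption: multiple roles arrive as one comma-separated string.
    roles = [r for r in idp_claims.get(ROLE_ID_CLAIM_URI, "").split(",") if r]
    return user_id, roles, local_claims


if __name__ == "__main__":
    received = {  # constructed sample claims
        IDP + "mail": "alice@example.com",
        IDP + "groups": "hr,finance",
        IDP + "is_admin": "true",  # unmapped, so it is dropped
    }
    print(map_claims(received))
```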