1
votes

After performing the authentication against the WSO2 IS 5.0.0 and negotiating the access token, I perform a call to the userinfo endpoint:

https://:9443/oauth2/userinfo?schema=openid

It answers correctly with a JWT, but always uses the dialect http://wso2.org/oidc/claim, even if another dialect is configured in the identity.xml (for example http://wso2.org/claims).

It seems like the userinfo endpoint ignores the dialect configuration. Has anybody else faced this problem? Is it a bug or am I missing something?


1 Answer

1
votes

I think this is not a bug, because by default the OpenID claim dialect returns userinfo (oidc) according to the OpenID specification. WSO2 uses the default claim dialect to retrieve userinfo as the WSO2 claim dialect. But this WSO2 claim dialect should be mapped to the OpenID claim dialect (http://wso2.org/oidc/claim). If you want to retrieve userinfo in addition to the default info, you need to map "http://wso2.org/claims" attributes to "http://wso2.org/oidc/claim". Otherwise it returns the default mapped properties only ("phone_number", "email", "family_name" and "country").

The steps below retrieve 'mobile' as a claim even though it is not configured by default:

  1. Go to the "Claim Management" under "Configure" tab.
  2. Then click "http://wso2.org/oidc/claim" and check whether the "Mobile" claim is available or not. If it is not available, you need to add a New Claim mapping. If the "Mobile" claim already exists, you need to check whether its mapped attribute is equal to the "http://wso2.org/claims/mobile" Mobile mapped attribute. (Note: the mapped attribute of the particular http://wso2.org/oidc/claim claim should be equal to the mapped attribute of your particular http://wso2.org/claims claim.)

  3. Like this, you can map particular "http://wso2.org/claims" claims to "http://wso2.org/oidc/claim" claims.
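
The mapping rule described in this answer, as an added example that is not part of the original answer and is not WSO2 code: a simplified Python model in which an OIDC-dialect claim appears in the userinfo response only when its mapped attribute equals the mapped attribute of a local-dialect claim. The attribute names (`mail`, `sn`, `telephoneNumber`, `mobilePhone`), the helper functions and the user values are constructed assumptions.

```python
# Simplified model of the claim-dialect mapping described in the answer.
# Not WSO2 code; attribute names and user values are constructed samples.

LOCAL_DIALECT = "http://wso2.org/claims"

# Local dialect: claim URI -> mapped user store attribute (assumed values).
local_claims = {
    LOCAL_DIALECT + "/emailaddress": "mail",
    LOCAL_DIALECT + "/lastname": "sn",
    LOCAL_DIALECT + "/country": "country",
    LOCAL_DIALECT + "/telephone": "telephoneNumber",
    LOCAL_DIALECT + "/mobile": "mobile",
}

# http://wso2.org/oidc/claim dialect: claim name -> mapped attribute.
# Only the four default properties named in the answer are present.
oidc_claims = {
    "email": "mail",
    "family_name": "sn",
    "country": "country",
    "phone_number": "telephoneNumber",
}

def userinfo(user_attrs, oidc_map):
    """Claims the userinfo response would carry under this model."""
    return {name: user_attrs[attr]
            for name, attr in oidc_map.items() if attr in user_attrs}

def mismatched(oidc_map, local_map):
    """OIDC claims whose mapped attribute matches no local-dialect claim."""
    known = set(local_map.values())
    return sorted(name for name, attr in oidc_map.items() if attr not in known)

# Constructed user record as stored in the user store.
user = {"mail": "alice@example.test", "sn": "Doe", "country": "NL",
        "telephoneNumber": "+31000000000", "mobile": "+31600000000"}

before = userinfo(user, oidc_claims)                # default mappings only
fixed = {**oidc_claims, "mobile": "mobile"}         # step 2: add the mapping
after = userinfo(user, fixed)
typo = {**oidc_claims, "mobile": "mobilePhone"}     # mapped attribute differs

if __name__ == "__main__":
    print("before:", sorted(before))
    print("after: ", sorted(after))
    print("mismatched with wrong attribute:", mismatched(typo, local_claims))
```
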