WSO2 Identity Server - Cannot Use Dialect I defined in Service Provider's Claim Configuration

0
votes

I created my own dialect using the manaement console Configure-->Claim Management. After doing this, I wanted to configure my Service Provider to be associated with these claims, so I edited my SP and went to the Claim Configuration section. The issue I am running into is the only Local Claim claims which show up are the default wso2 ones. So you only ever see ones starting with http://wso2.org/claims/.

With that said, I don't believe choosing Define Custom Claim Dialect is an appropriate alternative since I defined a dialect already. It would make zero sense to go an map that back to the default dialect, so I'm assuming this would not be the route.

Is there some configuration setting to list values from other defined dialects? Besides the one I created, there a quite a few that come OOB anyway. Is this a bug? I would assume my dialect along with all the other OOB ones would be Local Claim Dialects.

The Claims Management in the docs is just way to general to discern is there's some funny requirement. https://docs.wso2.com/display/IS500/Claim+Management

WSO2 Identity Server 5.0.0

1
wso2claims-based-identitywso2is
There is a ticket related to this: wso2.org/jira/browse/IDENTITY-3037jeremy simon

1 Answers

0
votes

I created a workaround, which works for my situation.

Once again, this is with IS 5.0.0. In my situation, no claims or dialects preconfigured fit my needs and I want my own special URIs defined ONLY.

So here's what I did:

  1. In the Management Console, went to Configure-->Claim Management.
  2. Edited the "http://wso2.org/claims" dialect.
  3. Added each claim I wanted to this dialect. I was able to enter whatever URI I pleased, even though the dialect had a different URI (that's a good thing!) along with the property name I wanted it associated with. e.g., http://example.com/claims/claimname1
  4. Then I went to configure the claims / attributes I wanted to be communicated to a particular Service Provider by editing its Claim Configuration...
  5. Selected "Use Local Dialect".
  6. For each claim I wanted to add, clicked "Add Claim URI" at "Request Claims", and selected a URI I created.
  7. (OPTIONAL) I deleted all non-custom URIs in the "http://wso2.org/claims" dialect, because I found in my custom user store that getUserPropertyValues() was still getting passed every single claim attribute to resolve. It was trying to resolve more than 20 properties at every login. Some performance help! :)