WSO2 Identity Server not returning requested claims with OAuth/OpenID

Question

I'm trying out OAuth/OpenID with WSO2 Identity Server 5.1.0, but I'm having problems with returning the claims I need. I'm not sure if I'm misunderstanding how this should work...

I'm using the default resident identity provider.

The service provider has the claims configured like this:

This only other configuration for this SP is inbound authentication with OAuth2.

When I get an OAuth token for this service using the openid scope, the JWT received only has the subject field (email address in this case). I was expecting to also receive the requested claims, i.e., roles.

Is this not the way to do it? If not, how can I achieve this? (note: was hoping to keep this to OAuth/OpenID only).

Any help is much appreciated, as I'm quite stumped with this.

farasath farasath · Accepted Answer · 2016-05-06T18:48:22

Currently, we have identified certain limitations when trying to retrieve requested claims in an OpenID token.

However, you can try out the below scenario,

So basically you need to pick claims that have a mapping between the "http://wso2.org/oidc/claim" dialect to "http://wso2.org/claims" dialect (I would suggest you try out email, lastname and country for example)
Make sure that the claim values are filled in the user profile.
Obtain the OpenID token using Authorization Code grant or Implicit grant

By using the WSO2 Identity Server beta pack[1] you should be able to successfully retrieve the claims as well as a 'sub' claim with the claim that you set as the Subject Claim URI

[1] https://github.com/wso2/product-is/releases/tag/v5.2.0-beta

WSO2 Identity Server not returning requested claims with OAuth/OpenID

3 Answers