
At the moment we use WSO2IS with an OpenLDAP user store in which we have users with some custom attributes. WSO2IS is configured to return those custom attributes as claims in the OpenID Connect token.

Now we want to install our application (including WSO2IS/OpenLDAP) at a new client which has its own Active Directory. This client wants its users to be able to log in using credentials stored in AD, but we are not allowed to put our custom attributes into the client's AD.

Is it possible to configure WSO2IS so that users are authenticated through Active Directory but the generated OpenID Connect token gets its claims from a separate OpenLDAP store?


1 Answer


Unfortunately this is not possible out of the box. But you can write a custom user store [1] to do this. You can write a custom user store to use with AD, and in there, after the user authentication, you can retrieve claims from the secondary user store.

[1] https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager
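The approach in the answer, as an added sketch that is not code from the question, the answer or the WSO2 project: a custom user store manager that extends the built-in Active Directory manager (so AD keeps doing the authentication) and overrides the property lookup so that the custom attributes are read from OpenLDAP. The class and method names `ActiveDirectoryUserStoreManager`, `getUserPropertyValues`, `RealmConfiguration.getUserStoreProperty` and the six-argument constructor are assumed from the WSO2 Carbon user-core API of the IS 5.0.0 era and should be checked against the version actually deployed; the user-store property names `ClaimStoreURL`, `ClaimStoreBindDN`, `ClaimStoreBindPassword`, `ClaimStoreSearchBase` and `ClaimStoreUserAttribute` are hypothetical names this example reads from the user-store configuration.

```java
package com.example.wso2.userstore; // hypothetical package

import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;

import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.core.UserRealm;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.claim.ClaimManager;
import org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager;
import org.wso2.carbon.user.core.profile.ProfileConfigurationManager;

/**
 * Authenticates against AD (inherited doAuthenticate) and, for claim resolution,
 * merges attributes from a separate OpenLDAP "claim store" that AD does not hold.
 */
public class AdAuthLdapClaimsUserStoreManager extends ActiveDirectoryUserStoreManager {

    // Connection settings for the secondary store; property names are hypothetical.
    private final String claimLdapUrl;        // use ldaps:// so attribute values do not travel in the clear
    private final String claimBindDn;         // read-only service account, never the end user's AD password
    private final String claimBindPassword;
    private final String claimSearchBase;
    private final String claimUserAttribute;  // attribute in OpenLDAP that carries the AD login name, e.g. uid

    public AdAuthLdapClaimsUserStoreManager(RealmConfiguration realmConfig, Map<String, Object> properties,
            ClaimManager claimManager, ProfileConfigurationManager profileManager, UserRealm realm,
            Integer tenantId) throws UserStoreException {
        super(realmConfig, properties, claimManager, profileManager, realm, tenantId);
        claimLdapUrl = realmConfig.getUserStoreProperty("ClaimStoreURL");
        claimBindDn = realmConfig.getUserStoreProperty("ClaimStoreBindDN");
        claimBindPassword = realmConfig.getUserStoreProperty("ClaimStoreBindPassword");
        claimSearchBase = realmConfig.getUserStoreProperty("ClaimStoreSearchBase");
        claimUserAttribute = realmConfig.getUserStoreProperty("ClaimStoreUserAttribute");
    }

    /** Called by the claim layer when the OIDC token is built; AD values win, OpenLDAP fills the gaps. */
    @Override
    public Map<String, String> getUserPropertyValues(String userName, String[] propertyNames, String profileName)
            throws UserStoreException {
        Map<String, String> merged = new HashMap<>();
        Map<String, String> fromAd = super.getUserPropertyValues(userName, propertyNames, profileName);
        if (fromAd != null) {
            merged.putAll(fromAd);
        }
        for (Map.Entry<String, String> e : lookupClaimStore(userName, propertyNames).entrySet()) {
            if (!merged.containsKey(e.getKey())) {
                merged.put(e.getKey(), e.getValue());
            }
        }
        return merged;
    }

    private Map<String, String> lookupClaimStore(String userName, String[] propertyNames) throws UserStoreException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, claimLdapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, claimBindDn);
        env.put(Context.SECURITY_CREDENTIALS, claimBindPassword);

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        controls.setReturningAttributes(propertyNames);

        Map<String, String> found = new HashMap<>();
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            // {0} is substituted by JNDI with RFC 4515 escaping, so a crafted login name cannot alter the filter.
            NamingEnumeration<SearchResult> results = ctx.search(claimSearchBase,
                    "(&(objectClass=inetOrgPerson)(" + claimUserAttribute + "={0}))",
                    new Object[] { userName }, controls);
            if (!results.hasMore()) {
                return found; // user exists in AD but not in the claim store: token is issued without custom claims
            }
            Attributes attrs = results.next().getAttributes();
            if (results.hasMore()) {
                // Two entries claiming the same login name: refuse rather than attach someone else's attributes.
                throw new UserStoreException("Ambiguous claim-store match for user " + userName);
            }
            for (String name : propertyNames) {
                Attribute a = attrs.get(name);
                if (a != null && a.get() != null) {
                    found.put(name, a.get().toString());
                }
            }
            return found;
        } catch (NamingException e) {
            throw new UserStoreException("Claim store lookup failed for user " + userName, e);
        } finally {
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}
```

The point of the split is that the secondary store never participates in authentication: the user's AD password is only ever sent to AD, OpenLDAP is queried with a read-only service account, and a login name that matches more than one OpenLDAP entry fails closed instead of picking the first hit. The class is registered like any other custom user store manager per the linked WSO2 documentation, with the `ClaimStore*` properties added to the user-store configuration.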