I am trying to map LDAP groups/roles to local roles in WSO2. I have created one service provider in WSO2 with OAuth/OpenID Connect configurations. In the Claim Configuration of the service provider, I have requested roles by mapping the OIDC groups claim URI to the local role claim URI. I do the password grant using the username and password of a user from LDAP to get an access token. So when I hit the user info endpoint using the access token, I should receive the local roles of WSO2 which are mapped with groups in LDAP as part of the user info.
1 Answer

3 votes
To map the LDAP roles to WSO2 local roles, you have to do claim mapping. Please follow this document https://docs.wso2.com/display/IS580/Adding+Claim+Mapping for how to do claim mapping for a particular claim to an attribute in the userstore (LDAP).
When you are mapping the local role claim, please add the mapped attribute for the Role claim in the userstore.
Please follow this document on how to configure claims for a service provider: https://docs.wso2.com/display/IS570/Configuring+Claims+for+a+Service+Provider
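A way to check the result of the mapping described above, as an added example that is not part of the question or the answer: run the password grant, call the userinfo endpoint, and compare the roles carried by the `groups` claim against the local roles you expect. It assumes a local WSO2 IS on its default port, placeholder client credentials, and that the multi-valued claim may come back either as a JSON array or as a comma-separated string.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

# Assumed: default local WSO2 IS endpoints and placeholder service-provider client credentials.
BASE_URL = "https://localhost:9443"
CLIENT_ID = "<client-id-of-service-provider>"
CLIENT_SECRET = "<client-secret-of-service-provider>"
EXPECTED_ROLES = {"Internal/everyone", "manager"}  # constructed sample of mapped local roles

def _http_json(url, data=None, headers=None):
    """Send one request and decode the JSON body."""
    ctx = ssl._create_unverified_context()  # assumption: default self-signed IS cert, local dev only
    req = urllib.request.Request(url, data=data, headers=headers or {})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.loads(resp.read().decode())

def password_grant(username, password, scope="openid"):
    """Password grant at /oauth2/token; the openid scope is required for userinfo to return claims."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "password", "username": username,
                                   "password": password, "scope": scope}).encode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return _http_json(f"{BASE_URL}/oauth2/token", data=body, headers=headers)["access_token"]

def userinfo(access_token):
    """Fetch the claims released to the service provider at /oauth2/userinfo."""
    return _http_json(f"{BASE_URL}/oauth2/userinfo", headers={"Authorization": f"Bearer {access_token}"})

def extract_roles(claims, claim="groups"):
    """Roles carried by the mapped OIDC claim; assumption: a JSON array or a comma-separated string."""
    value = claims.get(claim)
    if value is None:
        return []
    if isinstance(value, str):
        value = value.split(",")
    return [v.strip() for v in value if v.strip()]

def missing_roles(claims, expected=EXPECTED_ROLES, claim="groups"):
    """Local roles the mapping should have produced but userinfo did not return."""
    return sorted(expected - set(extract_roles(claims, claim)))

if __name__ == "__main__":
    info = userinfo(password_grant("<ldap-username>", "<ldap-password>"))
    print("returned roles:", extract_roles(info))
    print("missing roles:", missing_roles(info))
```

If `missing roles` is non-empty while the user holds those groups in LDAP, the mapped attribute for the Role claim in the userstore or the requested claim on the service provider is the place to look.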