Data Governance Broker Documentation Index

OpenID Connect Claim

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

An OpenID Connect Claim defines a claim that may be exposed through the UserInfo endpoint and its mapping to attribute(s) of the identity resource.

Claims may be defined by name or the path to the specific field of a claim. Examples:

The 'sub' claim is defined by the system and may not be mapped.


Properties

The properties supported by this managed object are as follows:


Basic Properties: identity-resource-attribute
Advanced Properties: None

Basic Properties

identity-resource-attribute

Description
The attribute of the identity resource to be mapped to the OpenID Connect Claim. Examples of valid attribute paths are:
  • 'name' - Maps the 'name' core attribute of the identity resource.
  • 'name.familyName' - Maps the 'familyName' sub-attribute of the 'name' core attribute of the identity resource.
  • '*' - Maps all core attributes at the top level of the identity resource.
  • 'urn:extension:*' - Maps all extended attributes from the schema extension 'urn:extension' in the identity resource.
  • 'addresses[type eq "preferred"].postalCode' - Maps the 'postalCode' sub-attribute of the 'addresses' core attribute where the 'type' sub-attribute equals 'preferred'.
When multiple attributes are defined, the first attribute that has a non-null value will be mapped.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action.
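
The sketch below is an added example, not code from the product: a simplified Python model of the attribute path forms listed above (plain attribute, sub-attribute, and a [sub eq "value"] filter) together with the first-non-null rule, useful when reviewing which value a multi-valued mapping would release through the UserInfo endpoint. The sample resource and the names resolve and map_claim are hypothetical; wildcard paths are not modelled, and the server's actual evaluation may differ.

```python
import re

# Constructed sample identity resource (SCIM-style); not taken from the product.
RESOURCE = {
    "userName": "jdoe",
    "name": {"familyName": "Doe", "givenName": None},
    "addresses": [
        {"type": "work", "postalCode": "78701"},
        {"type": "preferred", "postalCode": "78750"},
    ],
}

# One path segment: an attribute name plus an optional [sub eq "value"] filter.
# Assumption: filter values contain no '.' (the path is split on dots).
SEGMENT = re.compile(r'^(\w+)(?:\[(\w+) eq "([^"]*)"\])?$')


def resolve(resource, path):
    """Return the value at `path`, or None if any step is missing or null."""
    current = resource
    for part in path.split("."):
        m = SEGMENT.match(part)
        if m is None:
            raise ValueError(f"unsupported path segment: {part!r}")
        name, key, wanted = m.groups()
        if not isinstance(current, dict):
            return None
        current = current.get(name)
        if key is not None:
            # Narrow a multi-valued attribute to the first element matching the filter.
            items = current if isinstance(current, list) else []
            current = next(
                (i for i in items if isinstance(i, dict) and i.get(key) == wanted),
                None,
            )
        if current is None:
            return None
    return current


def map_claim(resource, attribute_paths):
    """The first configured path with a non-null value supplies the claim."""
    for path in attribute_paths:
        value = resolve(resource, path)
        if value is not None:
            return value
    return None
```

With this model, the order of the identity-resource-attribute values decides which field ends up in the claim, so a broad fallback path placed later in the list is still released whenever the earlier paths are null.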


dsconfig Usage

To list the configured OpenID Connect Claims:

dsconfig list-openid-connect-claims
     [--property {propertyName}] ...

To view the configuration for an existing OpenID Connect Claim:

dsconfig get-openid-connect-claim-prop
     --claim-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing OpenID Connect Claim:

dsconfig set-openid-connect-claim-prop
     --claim-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new OpenID Connect Claim:

dsconfig create-openid-connect-claim
     --claim-name {name}
     --set identity-resource-attribute:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing OpenID Connect Claim:

dsconfig delete-openid-connect-claim
     --claim-name {name}