claim
Use the claim stanza entry to define an attribute that is added to the JWT as a claim.
Syntax
claim = [text|attr]{.<type>}{.array}::<value>{::<claim-name>}
Description
A claim that is added to the generated JWT. The configuration entry can be specified multiple times, once for each claim that is added to the JWT.
Options
- text
  - Used to indicate that literal text is added as a claim.
- attr
  - Used to indicate that the claim is obtained from a credential attribute.
- <type>
  - The source can be qualified with a 'type' (delimited by a dot). The valid types include:
    - bool
      - The value is added as a boolean.
    - int
      - The value is added as an integer.
    - string
      - The value is added as a string.
  - If no type is specified, values are added as strings.
- array
  - If specified, the value is added as an array, regardless of how many values are present. If not specified, any single-valued attribute is added as a single element and any multi-valued attribute is added as an array.
- <value>
  - For text
    - The value that is added.
    - An array of values can be specified by surrounding the string with square brackets ([]). A comma is used to delimit each individual value. The comma can be escaped with a backslash character if a literal comma is required in the value.
  - For attr
    - The name of a credential attribute. The '*' and '?' pattern matching characters can be used to match multiple attributes. Pattern matching characters are ignored if the '<claim-name>' is specified.
- <claim-name>
  - The name of the claim to be added to the JWT. Nested objects can be specified by separating the name of each object field with a . (dot). If the name of a field itself embeds a dot, it must be escaped with a backslash character (for example \.).
Usage
This stanza entry is required when the reverse proxy is generating a JWT that is to be sent to a junctioned server.
Default value
None
Example
claim = text::www.ibm.com::iss
claim = attr.int::BUSINESS_PHONE_NUMBER::phone.business
claim = attr::AZN_CRED_PRINCIPAL_NAME::sub
claim = attr.array::AZN_CRED_GROUPS::groupList
claim = attr.int.array::postCodes::postCodesList
claim = attr::AZN_*
claim = text.bool::true::is_jwt
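To review which credential attributes a set of claim entries would forward to the junctioned server, the syntax above can be modelled offline. This is an added example, not the product's implementation: `parse_claim`, `build_claims` and the sample credential are hypothetical, and it assumes that only "true" maps to boolean true, that wildcard claims are named after the matched attribute, and that text entries always carry a claim name.

```python
import re

def _split(s, sep):
    # Split on sep unless it is backslash-escaped, then drop the escape character.
    return [p.replace("\\" + sep, sep) for p in re.split(r"(?<!\\)" + re.escape(sep), s)]

def _cast(v, typ):
    # Assumption: only the literal "true" (any case) becomes boolean true.
    conv = {"int": int, "bool": lambda s: str(s).lower() == "true", "string": str}
    return conv[typ](v)

def parse_claim(entry):
    """Return (source, type, force_array, value, claim_name) for one stanza line."""
    parts = entry.split("=", 1)[1].strip().split("::")
    source, *quals = parts[0].split(".")
    force_array = quals[-1:] == ["array"]
    typ = (quals[:-1] if force_array else quals) or ["string"]  # default type: string
    if (source not in ("text", "attr") or len(parts) not in (2, 3)
            or len(typ) != 1 or typ[0] not in ("bool", "int", "string")
            or (source == "text" and len(parts) != 3)):  # assumed: text needs a name
        raise ValueError("malformed claim entry: " + entry)
    return source, typ[0], force_array, parts[1], parts[2] if len(parts) == 3 else None

def build_claims(entries, cred):
    """Preview the claim set the entries would produce for credential dict `cred`."""
    out = {}
    for entry in entries:
        source, typ, force, value, name = parse_claim(entry)
        if source == "text":
            bracketed = value.startswith("[") and value.endswith("]")
            force = force or bracketed  # assumed: [..] always yields an array
            targets = [(_split(name, "."), _split(value[1:-1], ",") if bracketed else [value])]
        elif name:  # a claim name disables pattern matching: exact attribute lookup
            targets = [(_split(name, "."), cred[value])] if value in cred else []
        else:  # '*' and '?' select attributes; assumed: claim is named after the attribute
            rx = re.escape(value).replace(r"\*", ".*").replace(r"\?", ".")
            targets = [([k], v) for k, v in cred.items() if re.fullmatch(rx, k)]
        for path, vals in targets:
            vals = [_cast(v, typ) for v in (vals if isinstance(vals, list) else [vals])]
            node = out
            for field in path[:-1]:  # dotted claim names become nested objects
                node = node.setdefault(field, {})
            node[path[-1]] = vals if force or len(vals) != 1 else vals[0]
    return out

CRED = {"AZN_CRED_PRINCIPAL_NAME": "alice", "AZN_CRED_GROUPS": ["staff"],
        "BUSINESS_PHONE_NUMBER": "5550100"}  # constructed credential attributes
ENTRIES = ["claim = attr.int::BUSINESS_PHONE_NUMBER::phone.business",
           "claim = attr.array::AZN_CRED_GROUPS::groupList", "claim = attr::AZN_*"]
```

Calling `build_claims(ENTRIES, CRED)` shows that a pattern entry such as `attr::AZN_*` emits one claim per matching credential attribute, which is worth checking against what the junctioned server actually needs.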