id-token-attributes
Use this entry to specify a claim from the ID token response that should be included in the credential as an extended attribute.
Syntax
id-token-attributes = [+|-]<claim>
Description
Multiple rules can be specified by creating additional configuration entries of the same name. When an ID token is received, each claim is evaluated against each rule in sequence until a match is found. The corresponding code (+ or -) is then used to determine whether the claim is added to the credential. If the claim name does not match any configured rule, the claim is added to the credential by default.
Options
- For including or excluding claims as credential attributes:
  [+|-]<claim>
  - +
    Indicates that this claim should be added to the credential.
  - -
    Indicates that this claim should not be added to the credential.
  - <claim>
    The corresponding claim name, which can also contain pattern matching characters (i.e. * ?).
- For mapping claims to other credential attributes:
  <claim>:<name>
  - <claim>
    The name of the claim.
  - <name>
    The name of the credential attribute the claim is mapped to.
Usage
This stanza entry is optional.
Default value
None.
Example
id-token-attributes = -email
id-token-attributes = auth_time:AZN_CRED_AUTH_TIME
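
The first-match evaluation from the Description, modelled in Python as an added example (not product code), showing that a `-*` catch-all placed last turns the default-add behaviour into an allowlist, while placing it first shadows every later rule. It covers only the +/- rules, not the `<claim>:<name>` mapping form. Assumptions: matching is case-sensitive and against the whole claim name, `*` and `?` are the only wildcards, and the function names and sample claims are constructed for illustration.

```python
import re

def _pattern_to_regex(pattern):
    """Translate a claim pattern: '*' = any run of characters, '?' = any single one."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def parse_rules(entries):
    """Turn '+claim' / '-claim' entry values into (include, regex) pairs, in order."""
    rules = []
    for value in entries:
        value = value.strip()
        if value[:1] not in ("+", "-"):
            raise ValueError(f"only +/- rules are modelled here: {value!r}")
        rules.append((value[0] == "+", _pattern_to_regex(value[1:])))
    return rules

def filter_claims(claims, rules):
    """First matching rule decides; a claim that matches no rule is added."""
    kept = {}
    for name, val in claims.items():
        include = True  # default stated in the Description: unmatched claims are added
        for rule_include, regex in rules:
            if regex.fullmatch(name):  # assumption: whole-name, case-sensitive match
                include = rule_include
                break
        if include:
            kept[name] = val
    return kept

# Constructed sample claims, not taken from a real ID token.
SAMPLE_CLAIMS = {
    "sub": "alice", "email": "alice@example.com",
    "email_verified": True, "auth_time": 1700000000, "nonce": "n-0S6",
}

DENY_ONE = parse_rules(["-email"])                     # every other claim is still added
ALLOWLIST = parse_rules(["+sub", "+auth_time", "-*"])  # catch-all last: allowlist
SHADOWED = parse_rules(["-*", "+sub"])                 # catch-all first: "+sub" never reached

if __name__ == "__main__":
    for label, rules in (("deny one", DENY_ONE), ("allowlist", ALLOWLIST), ("shadowed", SHADOWED)):
        print(label, sorted(filter_claims(SAMPLE_CLAIMS, rules)))
```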