Hi Louis,
This KC topic may be of use to you; it touches on OIDC attributes:
https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.5/com.ibm.isam.doc/config/concept/oidc_claims_customization.html
There is also this topic, which includes some examples of working with the JWT; look for the sub-heading "Modifying JWT signing and encryption parameters in the pre-token mapping rule":
https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.5/com.ibm.isam.doc/config/concept/oauth_oidc_mapping_rules_actions.html
When it comes to the 'type' of an attribute, there are lots, as I'm sure you've noticed. We don't publish and maintain a definitive list as there are some internal types which we don't intend for an administrator to work with.
Some common types you'll see include:
Input types:
urn:ibm:names:ITFIM:oauth:param
urn:ibm:names:ITFIM:oauth:query:param
urn:ibm:names:ITFIM:oauth:body:param
Output types:
urn:ibm:names:ITFIM:oauth:response:attribute
id_token types:
urn:ibm:oidc10:jwt:create
urn:ibm:jwt:claim
urn:ibm:JWT:header:claim
Incoming claim parameter types:
urn:ibm:names:ITFIM:oidc:claim:essential
urn:ibm:names:ITFIM:oidc:claim:voluntary
urn:ibm:names:ITFIM:oauth:response:decision
urn:ibm:ITFIM:oauth20:custom:token
I'm happy to answer any questions about what the above are used for.
For passing data between the pre-token and post-token rule, using a custom type as you mention is a good and valid approach.
Thanks
------------------------------
Leo Farrell
------------------------------
Original Message:
Sent: 09-11-2018 09:50
From: Louis Beaudry
Subject: stsuu attributes type
Hi IBM community,
In an OAuth workflow, I would like to set a stsuu attribute in the pretoken mapping rules that I would later re-use in the posttoken mapping rules.
The addAttribute method takes name, type & value.
The type is a string, for example something like "urn:ibm:jwt:claim" for an attribute that we will include in the OIDC jwt.
My questions are about this type.
- Where can I find documentation/explanation on this?
More precisely:
- Where are those types defined? What is available? Can we define custom ones? How exactly are they used? etc.
In a nutshell, I would like to understand them to make sure I use them in a way that makes sense instead of just "winging it" until I manage to accomplish what I need :-)
Thanks for your help!
Louis
------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------