IBM Security Verify

  • 1.  ISAM 9 OpenID ID-token add Multi-valued claim

    Posted Tue February 16, 2021 05:16 AM
    Hi,
    I have an OpenID Provider based on Appliance 9.0.7 with the authorization code flow. I add extended attributes by creating attributes with type "urn:ibm:names:ITFIM:oidc:claim:value" on the "authorization endpoint" and retrieving them on the "token endpoint". Like this:

    var saveValue = stsuu.getAttributeContainer()
             .getAttributeValueByNameAndType("AZN_CRED_PRINCIPAL_NAME", 
             "urn:ibm:names:ITFIM:5.1:accessmanager");
    if (saveValue != null) {
    	var attro = new com.tivoli.am.fim.trustserver.sts.uuser.Attribute("AZN_CRED_PRINCIPAL_NAME",
    		"urn:ibm:names:ITFIM:oidc:claim:value", saveValue);
    	stsuu.getContextAttributes().setAttribute(attro);
    }
    https://www.ibm.com/support/knowledgecenter/SSPREK_9.0.7/com.ibm.isam.doc/config/concept/oidc_claims_customization.html

    It works for single-value attributes, but when I try to save multi-valued attributes (AZN_CRED_GROUPS, for example) on the "token endpoint" I get only the first value of the collection. Is it possible to do this? Maybe there is some cookbook or instructions?

    Thanks!

    ------------------------------
    Kirill N
    ------------------------------


  • 2.  RE: ISAM 9 OpenID ID-token add Multi-valued claim

    Posted Wed February 17, 2021 04:14 AM
    The problem is the method you use to get the value. It only returns the first value:

    getAttributeValueByNameAndType(java.lang.String attributeName, java.lang.String attributeType)
              Return the first attribute value as a String based on the attribute name and type provided.

    Instead you would have to use this to get an array of values:

    getAttributeValuesByNameAndType(java.lang.String name, java.lang.String type)
              Returns Attribute values as a String array from this AttributeContainer based on the name string and type string provided.

    ------------------------------
    Laurent LA Asselborn
    ------------------------------



  • 3.  RE: ISAM 9 OpenID ID-token add Multi-valued claim

    Posted Wed February 17, 2021 05:19 AM
    You still have to iterate through the String array, but be aware that the variable that will hold the list of groups after iterating through all of them will be saved in the database. The column where the value will be held is a varchar(256). I think the limit is 256! Which means that if the list of the groups, concatenated with the separator you select, exceeds 256, you will be in trouble.

    If you are using a local database, there is not much you can do, but if it is a remote database, then you must change the size of the column!

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    Sintra
    +351 91 721 4994
    ------------------------------
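
Added example (not code from any poster in this thread, and not IBM's): the concatenation step described in replies 2 and 3, written so that it fails closed when the joined group list would not fit the column or when a group name contains the separator. The function names, the "|" separator and the sample groups are assumptions; the 256 figure is the one quoted in reply 3, and the code is kept to ES5 syntax.

```javascript
// In a mapping rule the input array would be the result of
// getAttributeValuesByNameAndType(...) from reply 2; here it is a plain array.
var COLUMN_LIMIT = 256; // figure quoted in reply 3; adjust to your own schema
var SEPARATOR = "|";    // assumption: a character that never occurs in group names

// Join the values for storage at the authorization endpoint.
// Returns { ok: true, value: ... } or { ok: false, reason: ... } so the caller
// can refuse to issue a token with a truncated or ambiguous group list.
function packValues(values, separator, limit) {
  separator = separator || SEPARATOR;
  limit = limit || COLUMN_LIMIT;
  if (!values || values.length === 0) {
    return { ok: false, reason: "no values" };
  }
  var items = [];
  for (var i = 0; i < values.length; i++) {
    var v = String(values[i]);
    if (v.length === 0) {
      return { ok: false, reason: "empty value at index " + i };
    }
    // A value containing the separator would turn into extra groups on split.
    if (v.indexOf(separator) !== -1) {
      return { ok: false, reason: "separator found in value: " + v };
    }
    items.push(v);
  }
  var packed = items.join(separator);
  // Length is counted in characters; a byte-sized column needs a byte count.
  if (packed.length > limit) {
    return { ok: false, reason: "length " + packed.length + " exceeds " + limit };
  }
  return { ok: true, value: packed };
}

// Split the stored string back into an array at the token endpoint.
function unpackValues(packed, separator) {
  separator = separator || SEPARATOR;
  if (typeof packed !== "string" || packed.length === 0) {
    return [];
  }
  return packed.split(separator);
}

// Constructed sample data, not taken from the thread.
var sampleGroups = ["staff", "vpn-users", "app-admins"];
var packedSample = packValues(sampleGroups);
console.log(packedSample, unpackValues(packedSample.value));
```
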