Hi Louis,
Perhaps I'm missing something but not sure why you are trying to process the created token (which is probably signed even if you could change it...).
If you want to modify the attributes that are included in the JWT you would usually remove these in a mapping rule BEFORE the JWT module is called:
STSUU (validate) ---> JavaScript Mapping (map) ---> JWT (create)
You should find it a lot easier to process the STSUU attributes in the mapping rule because they are provided as a JavaScript object.
Something like this?
// mapping rule to filter attributes
importPackage(Packages.com.tivoli.am.fim.trustserver.sts);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.uuser);
importPackage(Packages.com.tivoli.am.fim.trustserver.sts.utilities);
IDMappingExtUtils.traceString("Mapping rule called with stsuu: " + stsuu.toString());
// keep only the attributes we want
var keepAttrs = [ "emailAddress", "firstName", "lastName" ];
var foundAttrs = [];
for (var i = 0; i < keepAttrs.length; i++) {
    var attr = stsuu.getAttributeContainer().getAttributeByName(keepAttrs[i]);
    if (attr != null) {
        foundAttrs.push(attr);
    }
}
// empty attrs, then add back what we want
stsuu.clearAttributeList();
for (var i = 0; i < foundAttrs.length; i++) {
    stsuu.addAttribute(foundAttrs[i]);
}
Jon.
------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------
Original Message:
Sent: Thu November 26, 2020 10:19 AM
From: Louis Beaudry
Subject: modification of jwt token using mapping rule
Hi community,
(we are on ISVA 10.0.0.1)
I have created a Trust Chain to generate a jwt token. The last step is to call a default map module because I want to use a mapping rule to inspect & modify the token.
In particular, I want to scan the attributes in the token and remove a few of them (because we don't use them & they make the token too big)
I'm struggling to find the correct syntax to achieve this.
Using getRequestedSecurityToken(), I managed to get a Requested Security Token from the RequestSecurityTokenResponse object.
(According to Javadoc this is an org.w3c.dom.Element)
var tokenResponse = stsresponse.getRequestSecurityTokenResponse();
var requestedToken = tokenResponse.getRequestedSecurityToken();
I'm afraid my java skills are exhausted as I cannot find what's the next step to actually scan the attributes included in this token, remove the ones I don't want and finally recreate the token.
Would anybody have a reference to examples that I could use that would do something similar?
Thanks,
Louis
------------------------------
Louis Beaudry
Access Management
Intact Financial Corporation
------------------------------
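The point made in the reply above (filter the attributes before the JWT module runs, because the created token is signed), as an added example that is not part of the original posts and is not ISVA code. It is plain Node.js; the HS256 algorithm, the key, the claim values and all function names are constructed assumptions.

```javascript
// Added example: plain Node.js, constructed key and claims (HS256 is an assumption).
const crypto = require("crypto");

const KEY = "constructed-demo-key";                      // constructed, demo only
const KEEP = ["emailAddress", "firstName", "lastName"];  // allow-list from the thread

function b64url(buf) {
  return Buffer.from(buf).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function hmac(data, key) {
  return b64url(crypto.createHmac("sha256", key).update(data).digest());
}

function sign(claims, key) {
  const signingInput = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" })) + "." + b64url(JSON.stringify(claims));
  return signingInput + "." + hmac(signingInput, key);
}

function verify(token, key) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  const expected = Buffer.from(hmac(parts[0] + "." + parts[1], key));
  const given = Buffer.from(parts[2]);
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Allow-list filter on the claims, the same idea as the mapping rule on the STSUU.
function keepOnly(claims, allow) {
  const out = {};
  for (const name of allow) {
    if (Object.prototype.hasOwnProperty.call(claims, name)) out[name] = claims[name];
  }
  return out;
}

// Rewriting the payload of an already created token keeps the old signature.
function stripAfterSigning(token, allow) {
  const [head, body, sig] = token.split(".");
  const claims = JSON.parse(Buffer.from(body, "base64").toString("utf8"));
  return head + "." + b64url(JSON.stringify(keepOnly(claims, allow))) + "." + sig;
}

const allClaims = { emailAddress: "user@example.com", firstName: "Test", lastName: "User",
  groups: ["g1", "g2", "g3"], entitlements: "constructed-long-value-".repeat(10) }; // constructed
const full = sign(allClaims, KEY);
const edited = stripAfterSigning(full, KEEP);     // filtered after signing
const filtered = sign(keepOnly(allClaims, KEEP), KEY); // filtered before signing
console.log(full.length, verify(edited, KEY), filtered.length, verify(filtered, KEY));
```

The token edited after creation fails verification, while the token built from the filtered claims is both smaller and valid.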