I know it and I use it for applications integrated via SPS passing it with the headers. Unfortunately it doesn't work if I put it in an OIDC provider as a claim :(
Original Message:
Sent: Sep 01, 2023 04:01 AM
From: Enrico Bonato
Subject: OIDC: Create a claim that contains all (or part) of the access roles that the user has on the identity.
Hi Marco,
According to IM Techdocs, the information about user roles should already be available in SM as a Response attribute, like this:
SM_USER_APPLICATION_ROLES[:application id]: Returns a list of roles that are assigned to a user.
(see this link for additional details)
You may try to use this in place of the SOAP call.
Let me know if this works.
Best regards
Enrico B.
Original Message:
Sent: Aug 31, 2023 04:15 PM
From: MTrucillo
Subject: OIDC: Create a claim that contains all (or part) of the access roles that the user has on the identity.
Is it possible to create a claim that contains all (or part) of the access roles that the user has on the identity?
At the moment the only way I was able to do this was by using the custom claims plugin, writing Java code to modify the access token (or idtoken).
The plugin gets the user and then does a SOAP call to the identity, getting the access roles, and creates the new claim.
To have this I must therefore also use a service account (on identity) which can ask for the roles of all users, and keep its credentials in SiteMinder.
I don't like it very much and would like to save this extra call.
Any idea?
Thanks in advance
Marco