OIDC Scope claim Mapping in IS 5.7.0

In previous WSO2 IS versions, the OIDC scope-claim mapping was maintained at the registry level. From IS 5.7.0 onwards, this mapping is persisted in the database layer.

How does OIDC scope-claim mapping work?

The file oidc-scope-config.xml, located at {product_home}/repository/conf/identity, contains the default OIDC scope-claim mappings. At the very first server startup, the scopes and claims defined in this file are stored in the database, and the same data is displayed in the management console UI. Likewise, when a tenant is created, the data defined in this file is stored in the database against that tenant's id. Changes made to oidc-scope-config.xml after the first server startup (or after tenant creation) have no effect. Adding, removing and editing OIDC scopes should therefore be done through the management console UI.

OIDC Scope-Claim Mapping UI

In the management console, under the 'Manage' collapsible panel, the 'OIDC Scopes' section appears as shown below.

New scopes can be added, and claims assigned to them, by clicking the 'Add' button as shown below.

The existing scopes can be listed by clicking the 'List' button as shown below.

When editing a scope, claims can be added to or removed from it using the 'Add claims' and 'Update' buttons respectively.

Database structure for OIDC scope claim mapping

Two new tables and a new index have been introduced to persist the scope-claim mapping, as shown below.

-- One row per OIDC scope; TENANT_ID -1 is the super tenant.
CREATE TABLE IF NOT EXISTS IDN_OIDC_SCOPE (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    NAME VARCHAR(255) NOT NULL,
    TENANT_ID INTEGER DEFAULT -1,
    PRIMARY KEY (ID)
);

-- One row per (scope, claim) pair; deleting a scope or a claim removes its mappings.
CREATE TABLE IF NOT EXISTS IDN_OIDC_SCOPE_CLAIM_MAPPING (
    ID INTEGER NOT NULL AUTO_INCREMENT,
    SCOPE_ID INTEGER,
    EXTERNAL_CLAIM_ID INTEGER,
    PRIMARY KEY (ID),
    FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OIDC_SCOPE(ID) ON DELETE CASCADE,
    FOREIGN KEY (EXTERNAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE
);

CREATE INDEX IDX_AT_SI_ECI ON IDN_OIDC_SCOPE_CLAIM_MAPPING(SCOPE_ID, EXTERNAL_CLAIM_ID);
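As an added example (not code from the post or from WSO2), the two tables above loaded into SQLite from Python to show the behaviour the post describes: defaults are seeded once per tenant id, lookups are filtered by scope name and tenant so one tenant's scope edits never affect another, and the ON DELETE CASCADE cleans up mapping rows. The IDN_CLAIM stand-in, the sample scopes and the claim URIs are constructed for this example.

```python
import sqlite3

SCHEMA = """
CREATE TABLE IDN_CLAIM (  -- constructed stand-in: only the columns this example needs
    ID INTEGER PRIMARY KEY AUTOINCREMENT, CLAIM_URI VARCHAR(255) NOT NULL, TENANT_ID INTEGER DEFAULT -1);
CREATE TABLE IDN_OIDC_SCOPE (  -- the post's DDL, AUTO_INCREMENT adapted to SQLite
    ID INTEGER PRIMARY KEY AUTOINCREMENT, NAME VARCHAR(255) NOT NULL, TENANT_ID INTEGER DEFAULT -1);
CREATE TABLE IDN_OIDC_SCOPE_CLAIM_MAPPING (
    ID INTEGER PRIMARY KEY AUTOINCREMENT, SCOPE_ID INTEGER, EXTERNAL_CLAIM_ID INTEGER,
    FOREIGN KEY (SCOPE_ID) REFERENCES IDN_OIDC_SCOPE(ID) ON DELETE CASCADE,
    FOREIGN KEY (EXTERNAL_CLAIM_ID) REFERENCES IDN_CLAIM(ID) ON DELETE CASCADE);
CREATE INDEX IDX_AT_SI_ECI ON IDN_OIDC_SCOPE_CLAIM_MAPPING(SCOPE_ID, EXTERNAL_CLAIM_ID);
"""

DEFAULTS = {  # constructed sample standing in for the oidc-scope-config.xml defaults
    "email": ["http://example.org/claims/emailaddress"],
    "profile": ["http://example.org/claims/givenname", "http://example.org/claims/lastname"],
}

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite only honours ON DELETE CASCADE with this
    conn.executescript(SCHEMA)
    return conn

def seed_tenant(conn, tenant_id, defaults=DEFAULTS):
    """Store the defaults against one tenant id, as the server does once at first
    startup (super tenant, -1) and once per tenant creation; later file edits are ignored."""
    for scope, uris in defaults.items():
        scope_id = conn.execute("INSERT INTO IDN_OIDC_SCOPE (NAME, TENANT_ID) VALUES (?, ?)",
                                (scope, tenant_id)).lastrowid
        for uri in uris:
            claim_id = conn.execute("INSERT INTO IDN_CLAIM (CLAIM_URI, TENANT_ID) VALUES (?, ?)",
                                    (uri, tenant_id)).lastrowid
            conn.execute("INSERT INTO IDN_OIDC_SCOPE_CLAIM_MAPPING (SCOPE_ID, EXTERNAL_CLAIM_ID) "
                         "VALUES (?, ?)", (scope_id, claim_id))
    conn.commit()

def claims_for_scope(conn, scope_name, tenant_id):
    """Claim URIs a token request for scope_name may release in this tenant (sorted)."""
    sql = """SELECT c.CLAIM_URI FROM IDN_OIDC_SCOPE s
             JOIN IDN_OIDC_SCOPE_CLAIM_MAPPING m ON m.SCOPE_ID = s.ID
             JOIN IDN_CLAIM c ON c.ID = m.EXTERNAL_CLAIM_ID
             WHERE s.NAME = ? AND s.TENANT_ID = ? ORDER BY c.CLAIM_URI"""
    return [row[0] for row in conn.execute(sql, (scope_name, tenant_id))]

def delete_scope(conn, scope_name, tenant_id):
    """Delete one tenant's scope; the cascade removes its mapping rows. Returns rows left."""
    conn.execute("DELETE FROM IDN_OIDC_SCOPE WHERE NAME = ? AND TENANT_ID = ?", (scope_name, tenant_id))
    return conn.execute("SELECT COUNT(*) FROM IDN_OIDC_SCOPE_CLAIM_MAPPING").fetchone()[0]
```

Running a `SELECT` like the one in `claims_for_scope` against the real tables is a quick way to audit which claims a scope releases per tenant after UI edits.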

Originally published at hasanthipurnima.blogspot.com.

Written by

Associate Technical Lead @ WSO2
