org.forgerock.openam.sts.tokengeneration.oidc

Interface OpenIdConnectTokenClaimMapper

public interface OpenIdConnectTokenClaimMapper

An instance of this interface will be used to insert any custom claims into issued OpenIdConnect tokens. STS instances will be published with state which will allow users to specify their own implementation of this interface, and if so, an instance of the user-specified class will be consulted to perform the attribute mapping.

Method Summary

Modifier and Type	Method and Description
Map<String,String>	getCustomClaims(SSOToken token, Map<String,String> claimMap)

Method Detail

getCustomClaims

Map<String,String> getCustomClaims(SSOToken token,
                                   Map<String,String> claimMap)
                            throws TokenCreationException

Parameters:

token - The SSOToken corresponding to the subject of the to-be-issued OpenIdConnect token

claimMap - the claim mapping, as defined by the OpenIdConnectTokenConfig state associated with the published sts instance. The map keys will be the claim names, and the LDAP datastore lookup of the attributes provided by the map values will provide the value of the claim. Multiple attributes will be separated by a space. If the LDAP lookup of the subject corresponding to the SSOToken of the attribute specified in the map value does not return a result, the claim will not be inserted in the issued token.

Returns:

the mapping of custom claim names to claim values to be inserted in the issued token. If one of the custom claims conflicts with a standard claim name already in the jwt, then an warning will be logged but the custom claim will be inserted. All entries should be non-null.

Throws:

TokenCreationException - if the attribute lookup fails