Configuring the User Profile Whitelist

AM 7 introduced a profile attribute whitelist.

The profile attribute whitelist controls the information returned to non-administrative users when accessing json/user endpoints. For example, the whitelist controls the attributes shown in the user profile page.

Common profile attributes are whitelisted by default, but you need to add any custom attribute you want your non-administrative users to see.

The whitelist can be set by realm, in the user self-service service, or globally. To modify it:

  • Globally: Navigate to Configure > Global Services > User Self-Service > Profile Management, and edit the Self readable attributes field.

  • By realm: Navigate to Realms > Realm Name > Services > User Self-Service > Profile Management, and edit the Self readable attributes field.

    Note that you need to add the user self-service service to the realm if you have not done so already, but you do not need to configure anything other than the whitelist.

Note that the kbainfo attribute is required to be whitelisted for users to manage their KB questions and answers on user self-service flows.

Read a different version of :