...
| Code Block |
|---|
"attributes": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn=userid", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name=username", "http://schemas.microsoft.com/ws/2008/06/identity/claims/role=groups", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress=email1" ] |
or for JWT:
| Code Block |
|---|
"claims": [
"sub=userid",
"groups=groups",
"name=username"
] |
Names
Name here is the attribute name as it will be part of the ticket/token.
...
The value has special meaning; it refers to attributes within Ceptor's session (see Sessions for more info)
Value | Meaning |
null | Leave the claim out – has the same meaning as if the claim was not present at all, but can be used as a placeholder in the configuration where it can be later changed to another attribute. |
userid | Users ID |
username | Users name |
sessionid | PP Session ID |
customerid | Customer ID |
isinternal | True if user is internal, false if not |
agreementid | Agreement ID |
authmethod | Authentication method (note for SAML tokens that name of authentication method can be mapped - see Federation - SAML / WebSSO |
authlvl | Authentication level |
__literal | Literal value – if it starts with two underscore characters, it is taken as a litereral – e.g. “salary=__secret” will create the claim: |
<field name> | For JWT tokens only, If the value matches a configured field name, e.g. “address” then it will be used as a complex/nested field – e.g. {“address”: {“country”: “DK”, “street_address”: “Kronprinsessegade 54”, “postal_code”: “1306”}} |
_state_xxxxx | Refers to a state variable within the session, e.g. state=_state_username picks out the value from the state variable named “username” instead of the field “username” within the session. |
Anything else | Any other value is matched up against a state variable within the session. |