Before reading this, please familiarize yourself with WSO2 Identity Server and Claim Aware Proxy Services with ESB.
Once you get the above running, all of the client requests to attributes are satisfied through Identity Server's default implementation.
To filter attributes being sent, invoke an EJB to obtain custom attributes, and insert them as an SAML assertion to the returning security token, you need to execute some custom logic inside Identity Server to manipulate attributes being added to the returning security token.
Follow the instructions below to do this.
- Make sure the first scenario works fine. That is, make sure the Security Token with SAML attribute assertions is inserted by Identity Server.
- To override it, you need to write a Carbon component to insert our custom logic.
Download and extract
sample.aar. Next, run the following from the sample folder:
- Now, you can find the bundle inside
- Stop Identity Server if it's already running.
IS_HOME\webapps\ROOT\WEB-INF\eclipse\configuration\org.eclipse.equinox.simpleconfigurator\bundles.infoand add the following entry to the end.
It is one line.
Start the Identity Server with the following command:
- Once it has started, press "Enter" on the console to get the
Type in the following there to list the available bundles.
Check the status of the
org.wso2.carbon.identity.samples.attributeservicebundle and get its bundle ID, for example, 164. If the status is
RESOLVED, then type:
- Once again, check the status with
ss. It should be
Run the same client used here before. You can see the "First Name" attribute being overridden, as well as a new attribute being added. You can also see the following line on the console.