This documentation is for WSO2 Identity Server 5.6.0.

...

  1. Sign in to the Management Console by entering your username and password.
  2. In the Main menu, click Add under Claims.
  3. Click Add Local Claim to add a new claim to the http://wso2.org/claims (local) claim dialect.

  4. Enter the required information. 

    The fields are described below.

    • Claim URI: This is the URI defined under the dialect, specific to the claim. There are different URIs available in the Identity Server and these correspond to the user attributes displayed in a user's profile. Each URI is mapped to an attribute in the underlying user store.
    • Display Name: This is the name of the claim as displayed on the UI. You can see it in a user's profile by navigating to the Main tab in the management console and clicking List under Users and Roles. In the resulting page, click Users and, in the list of users that is displayed, click User Profile next to the user you wish to check.
    • Description: This gives you the option to describe the purpose of the claim.
    • Mapped Attribute: This is the corresponding attribute name from the underlying user store that is mapped to the Claim URI value.

      When you have multiple user stores connected to the Identity Server, a plain attribute name maps the attribute of that name in all of them to the Claim URI you are configuring. For example, if you specify the cn attribute, it is mapped to the cn attribute in every connected user store. To map a different attribute in a specific user store, you must add the user store domain name in addition to the mapped attribute. For example, with a primary user store called PRIMARY and a secondary user store called AD (representing Active Directory), you can map an attribute from each of these user stores to the Claim URI value by clicking Add Attribute Mapping, selecting the respective user store from the drop-down list, and entering the attribute of that user store to which the claim is to be mapped.
    • Regular Expression: This is the regular expression used to validate input values. For example, for a claim URI like http://wso2.org/claims/email the regex should be something like ^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$. Anchored with ^ and $, this validates the whole claim value and rejects anything that is not an email address.
    • Display Order: This enables you to specify the order in which the claim is displayed among the other claims defined under the same dialect.
    • Supported by Default: If unchecked, this claim will not be prompted for during user registration.
    • Required: This specifies whether this claim is required for user registration.
    • Read-only: This specifies whether the claim is read-only or not. If the claim is read-only, it cannot be updated by the user.
    • Additional Properties: These properties are not used by the WSO2 Identity Server itself. They are available to extensions that need to attach extra property values to a claim.
  5. Click on the Add button.
  6. A new claim mapping is displayed in the list.

...

  1. Open the claim-config.xml file found in the <IS_HOME>/repository/conf/ folder and add the necessary claim mapping under the http://wso2.org/claims/ claim dialect.

    Sample claim mapping (XML):

    <Claim>
        <ClaimURI>http://wso2.org/claims/officeaddress</ClaimURI>
        <DisplayName>Office Address</DisplayName>
        <AttributeID>officeAdd</AttributeID>
        <Description>Address</Description>
        <DisplayOrder>12</DisplayOrder>
        <SupportedByDefault />
    </Claim>
  2. Optionally, you can also add multi-attribute claims, where a single claim is mapped to a different attribute in each user store. In this example, the claim "Office Address" is mapped to the officeAdd attribute in the primary user store and to the companyAddress attribute in the secondary user store whose domain name is SecondaryUserStore. The mappings are listed in the <AttributeID> property, separated by semicolons; the entry for a secondary user store is prefixed with its domain name and a slash.

    Sample multi-attribute claim mapping (XML):

    <Claim>
        <ClaimURI>http://wso2.org/claims/officeaddress</ClaimURI>
        <DisplayName>Office Address</DisplayName>
        <AttributeID>officeAdd;SecondaryUserStore/companyAddress</AttributeID>
        <Description>Address</Description>
        <DisplayOrder>12</DisplayOrder>
        <SupportedByDefault />
    </Claim>
  3. Save the file and start the server.

Add external claim

  1. Sign in to the Management Console by entering your username and password.
  2. In the Main menu, click Add under Claims.
  3. Click Add External Claim to add a new claim to any existing dialect other than the local dialect, i.e., http://wso2.org/claims.
  4. Select the Dialect URI of the dialect you want to add the claim to and enter the required information.
    • External Claim URI: This is the URI defined under the dialect, specific to the claim. There are different URIs available in the Identity Server and these correspond to the user attributes displayed in a user's profile. These URIs are mapped to local claims in the http://wso2.org/claims dialect, which are in turn mapped to the relevant attributes in the underlying user store.
    • Mapped Local Claim: This is the claim defined in the local claim dialect (http://wso2.org/claims) that is mapped to the relevant attribute in the underlying user store.
  5. Click on the Add button.
Note

Alternatively, you can add an external claim or a claim mapping using the configuration file instead of the management console. Note that you can only do this before the first startup of the WSO2 Identity Server instance.
To do this,

  1. Open the claim-config.xml file found in the <IS_HOME>/repository/conf/ folder and add the necessary claim mapping under the relevant claim dialect.

    Sample external claim mapping (XML):

    <!-- The Claim goes inside the Dialect element of the target dialect; the dialect URI is the prefix of the claim URI -->
    <Dialect dialectURI="http://wso2.org/SampleAppClaims">
        <Claim>
            <ClaimURI>http://wso2.org/SampleAppClaims/country</ClaimURI>
            <DisplayName>Country</DisplayName>
            <AttributeID>country</AttributeID>
            <Description>Country name component</Description>
            <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
        </Claim>
    </Dialect>
  2. Save the file and start the server.

The claim dialects and claims configured in the <IS_HOME>/repository/conf/claim-config.xml file are applied only when you start the product for the first time, or when a new tenant is created. On first startup, the claim dialects and claims are loaded from the file and persisted in the database. Subsequent changes to the file are not picked up: claim dialects and claims are loaded from the database from then on, so after first startup use the management console to change them.
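Because claim-config.xml is read only once, a mistake in it is cheapest to catch before that first startup. The following Python script is an added example, not WSO2 code and not part of this page: it lints a claim-config.xml fragment, splitting the multi-attribute AttributeID syntax from the local-claim procedure above into per-user-store mappings, compiling each claim's regular expression and applying it to sample values as the profile page would, and checking that every external claim's MappedLocalClaim refers to a local claim that actually exists. The XML fragment is constructed for the example; the element names (Claims, Dialect, Claim, ClaimURI, AttributeID, RegEx, MappedLocalClaim) follow the claim-config.xml shipped with the product, and treating a bare attribute name as applying to every user store without an explicit DOMAIN/attribute entry follows the description of Mapped Attribute above. The claim http://wso2.org/SampleAppClaims/phone and its target http://wso2.org/claims/officephone are invented to show the dangling-mapping failure mode.

```python
"""Lint a claim-config.xml fragment before first startup (added example, not WSO2 code)."""
import re
import xml.etree.ElementTree as ET

LOCAL_DIALECT = "http://wso2.org/claims"
ALL_STORES = "*"  # a bare attribute name applies to every store without its own entry

# Constructed sample fragment: the page's claims plus one deliberately broken
# external claim (its MappedLocalClaim is not defined in the local dialect).
SAMPLE_CLAIM_CONFIG = r"""<Claims>
  <Dialect dialectURI="http://wso2.org/claims">
    <Claim>
      <ClaimURI>http://wso2.org/claims/officeaddress</ClaimURI>
      <AttributeID>officeAdd;SecondaryUserStore/companyAddress</AttributeID>
      <SupportedByDefault />
    </Claim>
    <Claim>
      <ClaimURI>http://wso2.org/claims/email</ClaimURI>
      <AttributeID>mail</AttributeID>
      <RegEx>^([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})$</RegEx>
    </Claim>
    <Claim>
      <ClaimURI>http://wso2.org/claims/country</ClaimURI>
      <AttributeID>country</AttributeID>
    </Claim>
  </Dialect>
  <Dialect dialectURI="http://wso2.org/SampleAppClaims">
    <Claim>
      <ClaimURI>http://wso2.org/SampleAppClaims/country</ClaimURI>
      <AttributeID>country</AttributeID>
      <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
    </Claim>
    <Claim>
      <ClaimURI>http://wso2.org/SampleAppClaims/phone</ClaimURI>
      <AttributeID>phone</AttributeID>
      <MappedLocalClaim>http://wso2.org/claims/officephone</MappedLocalClaim>
    </Claim>
  </Dialect>
</Claims>"""


def parse_attribute_id(attribute_id):
    """Split 'attr;DOMAIN/attr;...' into {user store domain: attribute name}."""
    mapping = {}
    for entry in attribute_id.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        domain, slash, attribute = entry.rpartition("/")
        mapping[domain if slash else ALL_STORES] = attribute
    return mapping


def attribute_for(mapping, domain):
    """Attribute used for one user store: its own entry, else the store-wide one."""
    return mapping.get(domain, mapping.get(ALL_STORES))


def load_claims(xml_text):
    """Return {dialect URI: {claim URI: {element name: text}}}; empty elements give ''."""
    dialects = {}
    for dialect in ET.fromstring(xml_text).iter("Dialect"):
        claims = {}
        for claim in dialect.findall("Claim"):
            fields = {child.tag: (child.text or "").strip() for child in claim}
            claims[fields["ClaimURI"]] = fields
        dialects[dialect.get("dialectURI")] = claims
    return dialects


def lint(dialects):
    """Return the problems found; an empty list means the fragment is consistent."""
    problems = []
    local = dialects.get(LOCAL_DIALECT, {})
    for uri, fields in local.items():
        if not fields.get("AttributeID"):
            problems.append(f"local claim {uri} has no AttributeID")
        if "RegEx" in fields:
            try:
                re.compile(fields["RegEx"])
            except re.error as exc:
                problems.append(f"local claim {uri} has an invalid RegEx: {exc}")
    for dialect_uri, claims in dialects.items():
        if dialect_uri == LOCAL_DIALECT:
            continue
        for uri, fields in claims.items():
            target = fields.get("MappedLocalClaim")
            if not target:
                problems.append(f"external claim {uri} has no MappedLocalClaim")
            elif target not in local:
                problems.append(f"external claim {uri} maps to unknown local claim {target}")
    return problems


def validate_value(dialects, claim_uri, value):
    """Apply the local claim's RegEx to a submitted value; a claim without one accepts anything.
    fullmatch is used so that a trailing newline cannot slip past the $ anchor."""
    pattern = dialects[LOCAL_DIALECT][claim_uri].get("RegEx")
    return pattern is None or re.fullmatch(pattern, value) is not None


if __name__ == "__main__":
    dialects = load_claims(SAMPLE_CLAIM_CONFIG)
    office = parse_attribute_id(dialects[LOCAL_DIALECT]["http://wso2.org/claims/officeaddress"]["AttributeID"])
    print("officeaddress: AD ->", attribute_for(office, "AD"), "| SecondaryUserStore ->", attribute_for(office, "SecondaryUserStore"))
    for problem in lint(dialects):
        print("PROBLEM:", problem)
    for value in ("alice@example.com", "alice@example", "alice@example.com\n"):
        print(repr(value), "->", validate_value(dialects, "http://wso2.org/claims/email", value))
```

Run it against your own claim-config.xml by replacing SAMPLE_CLAIM_CONFIG with the file contents; any PROBLEM line is something the server would otherwise persist to the database on first startup and that you would then have to correct through the management console.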
