Hi everyone,
we are using CAS with OIDC. We have custom attributes that are returned
also in the id_token, which works fine. However, when getting the response
from the userinfo endpoint at /oidc/oidcProfile, there is just an empty
filed "attributes".
{
"sub": "XXX",
"service": "XXX",
"auth_time": 1708679458,
"attributes": {},
"id": "XXX",
"client_id": "XXX"
}
What do we have to do to get the attributes from the id_token also in the
userinfo endpoint?
Here our OIDC configuration:
oidc:
core:
issuer: "https://{{ CAS_SERVER_NAME }}/cas/oidc"
claims-map:
cn: name
discovery:
grant-types-supported:
authorization_code,password,client_credentials,refresh_token
scopes: openid,profile,email,address,phone,eoportal
claims:
cn,uid,sub,name,preferred_username,family_name,given_name,middle_name,given_name,profile,picture,nickname,website,zoneinfo,locale,updated_at,birthdate,email,email_verified,phone_number,phone_number_verified,address,gender,role,policy_accepted,has_nrt_license,has_morethan1hr_license,customer_organisation,mail
user-defined-scopes:
eoportal: role,uid
jwks:
core:
jwks-type: RSA
file-system:
jwks-file: file:///etc/cas/oidcJwks/keystore.jwks
Thanks,
Udo
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/aa1edbb7-526c-4ff4-8e86-a88802257531n%40apereo.org.
