PhenixID DocumentationPhenixID Authentication ServicesSolutions OpenIDConnect (OIDC) / OAuthHow to configure PhenixID Authentication Services to properly populate JWT array claims

How to configure PhenixID Authentication Services to properly populate JWT array claims

Requirements

  • PhenixID Authentication Services version 4.0 or higher
  • PhenixID Authentication Services configured with an OpenID Connect Provider

Configuration

  • Login to Configuration Manager
  • Select Scenarios->OIDC->YOUR_OIDC_PROVIDER
  • Click Execution flow
  • Expand Token endpoint
  • If the array data is in the session (which is the case when a SAML IdP is used for authentication), click add valve and add a PropertyFromSessionToItem valve. Source should be set to the name of the SAML multivalue attribute. Example:
  • Place the valve after SessionLoadValve and before GenerateJWTTokenVavle, using drag-and-drop
  • Add a new valve, PropertyJoinValve. Set the source to the same as above. Example:
  • Place the valve after the previously added PropertyFromSessionToItem valve, using drag-and-drop
  • Expand the GenerateJWTTokenVavle
  • Add a new token attribute.
    name = same as above, for example groups
    value = {{item.same_as_above}}, for example {{item.groups}}
    type = array

    Example:
  • Click Save
  • Expand the PropertyJoinValve
  • Click Advanced
  • Copy the ID value
  • Click on the top Advanced tab
  • Click on the pen to the right of Pipe valves
  • Search for the previously copied ID
  • Make the following changes to the valve config:
    • Remove the dest parameter (whole row)
    • Change the separator value to \",\"

Example:

  • Click Stage changes and Commit changes
  • Select Scenarios->OIDC->YOUR_OIDC_PROVIDER
  • Click Execution flow
  • Expand Token endpoint
  • Expand GenerateJWTTokenVavle
  • Click Advanced
  • Copy the ID value
  • Click on the top Advanced tab
  • Click on the pen to the right of Pipe valves
  • Search for the previously copied ID
  • Make the following changes to the valve config:
    • Locate the token attribute (in this example groups)
    • Change the value to [\"{{item.groups}}\"]   (change groups to match your property name)

Example:

  • Click Stage changes and Commit changes