Hi Pushpalanka,
The claims in the sample assertion you have stated(applicationId, enduser,
etc) are derived from the API key. Then by using the 'enduser' value, that
user's claims are retrieved [1]. AFAIK those claims will be added to the
JWT token, if that claim had a value only. For example if you signup a new
user through API Store Signup page, you can give values to claims such as
firstname, lastname, etc. So when invoking from that newly added user's
token, JWT assertion will have those claims as well.
ex:
{"iss":"wso2.org/products/am","exp":1389711373801,"
http://wso2.org/claims/subscriber":"lakmali",";
http://wso2.org/claims/applicationid":"9",";
http://wso2.org/claims/applicationname":"DefaultApplication",";
http://wso2.org/claims/applicationtier":"Unlimited",";
http://wso2.org/claims/apicontext":"/findfeeds",";
http://wso2.org/claims/version":"1.0","http://wso2.org/claims/tier":"Gold",";
http://wso2.org/claims/keytype":"PRODUCTION",";
http://wso2.org/claims/usertype":"APPLICATION",";
http://wso2.org/claims/enduser":"lakmali",";
http://wso2.org/claims/enduserTenantId":"-1234";, "
http://wso2.org/claims/custom":"hello";, "http://wso2.org/claims/emailaddress
":"lakm...@wso2.com", "http://wso2.org/claims/givenname":"Lakmali";, "
http://wso2.org/claims/lastname":"Erandi";, "http://wso2.org/claims/role
":"subscriber,Internal/identity,Internal/everyone"}
You can add new claim as Suresh mentioned. But we need to think about to
how to set the value to that new claim. If your requirement is to manually
add the value to new claim, then you can install User Profile feature and
add values to new claims.
[1]
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/apimgt/org.wso2.carbon.apimgt.impl/1.2.0/src/main/java/org/wso2/carbon/apimgt/impl/token/JWTGenerator.java
Thanks,
Lakmali
On 12 January 2014 08:08, Pushpalanka Jayawardhana <la...@wso2.com> wrote:
> Thanks, I ll try out that.
>
> Regards,
> Pushapalanka
>
>
> On Sat, Jan 11, 2014 at 1:09 AM, Suresh Attanayaka <sur...@wso2.com>wrote:
>
>> If you need to have a new claim, you can define it in the correct claim
>> dialect and map it to a LDAP attribute. So then the JWT claims retriever
>> will add that to the JWT. For ex, in this case
>> *http://wso2.org/claims/enduserWithoutTenant
>> <http://wso2.org/claims/enduserWithoutTenant> can be mapped to cn or uid.*
>>
>>
>> On Saturday, January 11, 2014, Pushpalanka Jayawardhana wrote:
>>
>>> Hi,
>>>
>>> Is it possible to add a custom property to the JWT assertion as follows.
>>>
>>> {
>>> "iss":"wso2.org/products/am",
>>> "exp":1389378210204,
>>> "http://wso2.org/claims/subscriber":"admin";,
>>> "http://wso2.org/claims/applicationid":"1";,
>>> "http://wso2.org/claims/applicationname":"DefaultApplication";,
>>> "http://wso2.org/claims/applicationtier":"Unlimited";,
>>> "http://wso2.org/claims/apicontext":"/pizzashack/menu";,
>>> "http://wso2.org/claims/version":"1.0.0";,
>>> "http://wso2.org/claims/tier":"Bronze";,
>>> "http://wso2.org/claims/keytype":"PRODUCTION";,
>>> "http://wso2.org/claims/usertype":"APPLICATION_USER";,
>>> "http://wso2.org/claims/enduser":"admin@carbon.super";,
>>> *"http://wso2.org/claims/enduserWithoutTenant
>>> <http://wso2.org/claims/enduserWithoutTenant>":"admin",*
>>>
>>>
>>
>>
>> --
>> Suresh Attanayake
>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>> Blog : http://sureshatt.blogspot.com/
>> Web : http://www.ssoarcade.com/
>> Facebook : https://www.facebook.com/IdentityWorld
>> Twitter : https://twitter.com/sureshatt
>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>> Mobile : +94755012060
>> Mobile : +016166171172
>>
>>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Lakmali Baminiwatta
Software Engineer
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware
mobile: +94 71 2335936
blog : lakmali.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
