[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-22 Thread John Wagenleitner
Hi Jae, Yes, after the changes I checked both the IDToken and user profile endpoint. What I noticed is that the IDToken only contains the mapped name whereas the user profile endpoint contains both the original names and the mapped names, both with values. But in our case that is ok. Here is

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-22 Thread Jae Liu
Hi John, did you use the user profile endpoint? Are the user profile values in the endpoint response array not string On Saturday, March 19, 2022 at 02:19:51 UTC+8, wrote: > Hi Jae, > > Thank you very much for your email. That is a good work-around/fix for the > issue. I removed the `scopes` key in the service

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-18 Thread John Wagenleitner
Hi Jae, Thank you very much for your email. That is a good work-around/fix for the issue. I removed the `scopes` key in the service definition file completely and in the `cas.properties` removed all of the `cas.authn.oidc.core.claims-map` entries. I used the following attribute release policy in

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-15 Thread Jae Liu
Hi John, I removed the claims-map in the config, and the following is my attributeReleasePolicy: attributeReleasePolicy: { @class: org.apereo.cas.services.ChainingAttributeReleasePolicy policies: [ java.util.ArrayList [ { @class:

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-10 Thread John Wagenleitner
Hi Rodolphe, Thank you for sharing the information, this is really helpful. This work-around may be something we look into implementing. John On Thu, Mar 10, 2022 at 12:46 AM Rodolphe Prin wrote: > Hi, > this is what I did to deal with that problem : > in my case I was retrieving attributes

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-10 Thread Rodolphe Prin
Hi, this is what I did to deal with that problem: in my case I was retrieving attributes from the authentication source (LDAP) with the following configuration
```
cas.authn.ldap[0].principal-attribute-list=displayName,givenName,mail,sn
cas.authn.ldap[0].additional-attributes=memberOf
```
and

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-09 Thread John Wagenleitner
Hi Jae, Thanks for the reply, are you able to share any of your config? In my case both the IDToken and the userinfo endpoint contain claims such as `mail` and `cn`. But the `claims-map` only seems to work for the userinfo endpoint, which returns both claims `mail` and `email` and `cn` and

[cas-user] Re: CAS v6.4 problem with OIDC claim name mappings in the ID Token

2022-03-08 Thread Jae Liu
I used CAS v6.4 and it's OK for me. I think there is something wrong with your configuration. You defined the scopes (scopes=openid,profile,emai); CAS will use these as the attribute release policy. The email scope will only release the attributes email and email_verified; profile will release name,