wso2 identity server oauth userinfo no role

Question

I have a WSO2 Identiy server installed and i have written some java code to get user information with oauth 2. For this I am using OLTU. I have connected correctly and after negotiating the access_code, I ask for the userinfo endpoint like this:

https://:9443/oauth2/userinfo?schema=openid

I get user info correctly in JSON format:

{"email":"xxxx@xxx.aa","name":"xxx","family_name":"xx","preferred_username":"xxx","given_name":"xx"}

What I find is that no role information is returned. I have created some custom roles and asigned the users. They don't have any permisions asigned.

Do I have to configure anything in the server? The request has to be made in any other way? What am I doing wrong?

Ishara · Accepted Answer

There are two ways to add this claim mapping. It's depends on your requirement.

To get this done has to add a role claim mapping under "http://wso2.org/oidc/claim" claim dialect. This can be done in following ways

Case 1 : For fresh WSO2IS before first startup

Go to <IS_HOME>/repository/conf/claim-config.xml file<br/> Add following configuration under <Dialect dialectURI="http://wso2.org/oidc/claim"><br/> <Claim> <ClaimURI>RolesClaimURI> <DisplayName>RolesDisplayName> <AttributeID>roleAttributeID> <Description>role of the userDescription> <DisplayOrder>10DisplayOrder> <SupportedByDefault /> Claim> Case 2: For already running server. Login to the Identity server management console as admin user. Click the Configure button to access the Configure menu Click on http://wso2.org/oidc/claim Dialect. Click on "Add New Claim Mapping" and set the above details. (There you will get an error which is known issues. But that value will store. Then again edit it and set Mapped Attribute again)

Then restart the server. Now you can get user info with roles

wso2 identity server oauth userinfo no role

Answers (1)

Related Questions