OpenID Connect Provider mapping rules
When you write mapping rules for a provider, the primary goal is to augment the claims that are included in the ID token.
After the mapping rule runs, every attribute in the STSUU is added to the id_token as a claim: the attribute key becomes the key in the id_token, and the attribute value becomes the claim value. If several attributes share the same key, an array containing each of those attributes is added to the claim.
Some context information is made available to the user when writing mapping rules. The context attributes of the passed-in STSUU contain attributes with the type "urn:ibm:ITFIM:oidc:provider:context", which can be used to decide which claims are added, or whether any other actions are performed.
These context attributes include:
- The client ID of the client making the request.
- The federation name of the provider servicing the request.
- The redirect URI sent in the request.
- The response type of the request.
- The state parameter of the request.
- The user-consented scopes for the request.
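
The behaviour described above, as an added example that is not IBM's code and does not use the product's STSUU API: a small in-memory model showing repeated attribute keys collapsing into an array claim, and a rule that uses context attributes to decide which claims to release. The context attribute names `client_id` and `scope`, the client allowlist, and the sample user are assumptions made for illustration.

```javascript
// Added illustration: an in-memory stand-in, not the product's STSUU API.
const CTX_TYPE = "urn:ibm:ITFIM:oidc:provider:context"; // type string from the page

// Documented rule: each attribute key becomes a claim key, and attributes
// that share a key are merged into one array-valued claim.
function attributesToClaims(attributes) {
  const grouped = new Map();
  for (const { name, value } of attributes) {
    if (!grouped.has(name)) grouped.set(name, []);
    grouped.get(name).push(value);
  }
  const claims = {};
  for (const [name, values] of grouped) {
    claims[name] = values.length === 1 ? values[0] : values;
  }
  return claims;
}

// Read context values by name, accepting only the provider context type.
function contextValues(context, name) {
  return context
    .filter((a) => a.type === CTX_TYPE && a.name === name)
    .map((a) => a.value);
}

// Assumption: clients allowed to receive group membership.
const GROUPS_ALLOWED_CLIENTS = new Set(["hr-portal"]);

// Hypothetical mapping rule: add only the attributes the request justifies,
// because everything left in the STSUU ends up in the id_token.
function mappingRule(stsuu, user) {
  const clientId = contextValues(stsuu.context, "client_id")[0];
  const scopes = new Set(contextValues(stsuu.context, "scope"));
  if (scopes.has("email")) {
    stsuu.attributes.push({ name: "email", value: user.email });
  }
  // Sensitive claim: require a consented scope AND an allowlisted client.
  if (scopes.has("groups") && GROUPS_ALLOWED_CLIENTS.has(clientId)) {
    for (const g of user.groups) stsuu.attributes.push({ name: "groups", value: g });
  }
  return attributesToClaims(stsuu.attributes);
}

// Constructed sample input (not captured from a real deployment).
function sampleRequest(clientId, scopes) {
  const context = [{ name: "client_id", type: CTX_TYPE, value: clientId }];
  for (const s of scopes) context.push({ name: "scope", type: CTX_TYPE, value: s });
  return { context, attributes: [] };
}
const USER = { email: "alice@example.com", groups: ["staff", "payroll"] };
```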