OpenID Connect Relying Party mapping rules (Federation)
When you write mapping rules for a Relying Party, the resulting STSUU is turned into a PAC that is used to authenticate the user to a Reverse Proxy via EAI. The PAC includes the attributes of the STSUU, and its principal is the first principal in the STSUU.

The values of the id_token are made available as Attributes in the STSUU. Some additional context is made available to the user via the STSUU's context attributes, which have the types "urn:ibm:ITFIM:oidc:client:idtoken:param" and "urn:ibm:ITFIM:oidc:client:token:param". These context attributes include:
- All of the claims inside the id_token.
- The raw JWT.
- Any issued access or refresh tokens.
- All of the properties of the issued bearer token if an authorization code flow is used.
- All of the parameters issued in the response if an implicit flow is used.
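
Because every STSUU attribute ends up in the PAC and the first principal becomes the PAC principal, a rule can keep only the claims it needs and set exactly one principal. The following is an added example, not code from the product documentation: it models the STSUU as plain JavaScript objects rather than the product's own classes, and the claim names, the allowlist and the `access_token` attribute name are assumptions.

```javascript
// Added example: plain-object stand-in for an STSUU, NOT the product's own classes.
const TOKEN_TYPE = "urn:ibm:ITFIM:oidc:client:token:param"; // type named on this page

// Assumed policy: the only id_token claims this Relying Party wants in the PAC.
const ALLOWED_CLAIMS = new Set(["sub", "email", "groups"]);

// Constructed sample input; attribute names and values are assumptions.
const sampleStsuu = {
  principals: [],
  attributes: [
    { name: "iss", values: ["https://op.example.com"] },
    { name: "sub", values: ["alice"] },
    { name: "email", values: ["alice@example.com"] },
    { name: "nonce", values: ["constructed-nonce"] },
  ],
  contextAttributes: [
    { name: "access_token", type: TOKEN_TYPE, values: ["constructed-access-token"] },
  ],
};

function mapRelyingParty(stsuu) {
  const subAttr = stsuu.attributes.find(a => a.name === "sub");
  const sub = subAttr ? subAttr.values[0] : undefined;
  if (typeof sub !== "string" || sub.length === 0) {
    throw new Error("id_token carried no usable sub claim");
  }
  // Collect every value delivered as token context (access/refresh tokens).
  const tokenValues = new Set(
    stsuu.contextAttributes.filter(a => a.type === TOKEN_TYPE).flatMap(a => a.values)
  );
  // Keep allowlisted claims only, and never an attribute that carries a token value.
  const attributes = stsuu.attributes.filter(
    a => ALLOWED_CLAIMS.has(a.name) && !a.values.some(v => tokenValues.has(v))
  );
  // The first principal is the one the PAC uses, so the result holds exactly one.
  return {
    principals: [{ name: "name", values: [sub] }],
    attributes,
    contextAttributes: stsuu.contextAttributes,
  };
}
```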