Change in OpenID Connect relying party mapping rule

Change in OpenID Connect relying party mapping rule

If you're upgrading from version 9.0, we must change the location of the attribute values for issuing authority (iss) and subject (sub). If we don't make these changes, the existing OpenID Connect relying party custom mapping rules fail.
The attribute values for issuing authority (iss) and subject (sub) are now in the attribute container of the Secure Token Service Universal User (STSUU). In 9.0, these attribute values were in the context attributes. For example, the following attributes are in the attribute container for versions 9.0.1 or later:
stsuu.getAttributeContainer().getAttributeValueByName("iss"); stsuu.getAttributeContainer().getAttributeValueByName("sub");

Action: Change your mapping rules to specify the correct location of the attribute values.

Parent topic: Upgrade configuration