claim

claim

Use the claim stanza entry to define an attribute which should be added to the JWT as a claim.
claim = [text|attr]::<value>{::<claim-name>}

Description

A claim which is to be added to the generated JWT. The configuration entry can be specified multiple times, once for each claim which should be added to the JWT.
Options

text Used to indicate that literal text will be added as the claim. The text can be qualified with a 'type' (delimited by a dot). The valid types include: bool, string, int. If no type is specified the value will be added to the JWT as a string.
attr Used to indicate the claim will be obtained from a credential attribute.
<value> The claim value, which will either be a literal string, or the name of a credential attribute. The '*' and '?' pattern # matching characters can be used to match multiple attributes. Pattern matching characters will be ignored if the '<claim-name>' is specified. If the value is a literal string an array of values can be specified by surrounding the string with square brackets ([]). Each individual value should then be delimited by a comma (the comma can be escaped with a backslash # character if a literal comma is required in the value). If the value is the name of an attribute an array will only be created if the attribute contains multiple values.
<claim-name> The name of the claim to be added to the JWT. Nested objects can be specified, separating the name of each object field with a . (dot). If the name of a field itself embeds a dot it should be escaped with a backslash character (e.g. \.).

Usage: Required when generating a JWT which is to be sent to a junctioned server.
Default value None
Example:
claim = text::www.ibm.com::iss claim = attr::AZN_CRED_PRINCIPAL_NAME::sub claim = attr::AZN_* claim = attr::BUSINESS_PHONE_NUMBER::phone.business claim = text.bool::true::is_jwt claim = text.int::[ 1234, 5678 ]::array_of_ints

Parent topic: [jwt:<jct-id>]

text	Used to indicate that literal text will be added as the claim. The text can be qualified with a 'type' (delimited by a dot). The valid types include: bool, string, int. If no type is specified the value will be added to the JWT as a string.
attr	Used to indicate the claim will be obtained from a credential attribute.
<value>	The claim value, which will either be a literal string, or the name of a credential attribute. The '*' and '?' pattern # matching characters can be used to match multiple attributes. Pattern matching characters will be ignored if the '<claim-name>' is specified. If the value is a literal string an array of values can be specified by surrounding the string with square brackets ([]). Each individual value should then be delimited by a comma (the comma can be escaped with a backslash # character if a literal comma is required in the value). If the value is the name of an attribute an array will only be created if the attribute contains multiple values.
<claim-name>	The name of the claim to be added to the JWT. Nested objects can be specified, separating the name of each object field with a . (dot). If the name of a field itself embeds a dot it should be escaped with a backslash character (e.g. \.).