What is a Claim?
Claims-based identity is a common way for applications to acquire identity information about a user. It gives every application a consistent approach by hiding the lower-level implementation (which user store holds an attribute, and what it is called there).
Claims are also used for identity propagation: they are packaged into one or more tokens (such as SAML), which are then issued by an issuer, commonly known as a security token service (STS).
Claim Management
The Claim Management component of the WSO2 Identity Server lets you define a set of claims for users. It maps a set of attributes from the underlying user store to a set of defined claims.
Each claim is uniquely identified by its Claim URI. Claim URIs are independent of the user store, and each claim URI can be mapped to any desired attribute in the user store; those attributes are in turn associated with the user profile. The underlying user store can be JDBC, LDAP or Active Directory (AD), and is configured in the user-mgt.xml file.
Claim Dialect
A set of claims is identified as a dialect. Different dialects represent the same piece of information with different claim URIs.
The following dialects are defined by default with the WSO2 Claim Management component. They are populated when the server starts for the first time, by reading the claim-mgt.xml file found at <IS_HOME>/repository/conf.
- http://wso2.org/claims : Default dialect for WSO2 Carbon (Claim set of this dialect is used for default user profile)
- http://schemas.xmlsoap.org/ws/2005/05/identity : Default dialect for Information Cards
- http://axschema.org : Default dialect for OpenID Attribute Exchange
- http://schema.openid.net/2007/05/claims : Default dialect for OpenID Simple Registration
Defining Claim Dialect
You can define a new claim dialect by clicking the 'Add New Claim Dialect' link in the Claim Management UI.
- Dialect Uri : URI which uniquely identifies the Dialect. Eg :- http://test.org/claims
Each dialect should have at least one claim, so you also need to define a claim configuration as described under the next heading.
Defining Claim
You can extend a defined dialect by adding new claim mappings. Click the 'Add New Claim Mapping' link to add one.
- Display Name : Name of the claim displayed on the UI (the name shown in the user profile)
- Description : Describes the purpose of the claim
- Claim Uri : URI defined under the dialect, specific to the claim (unique identifier for the claim)
- Mapped Attribute : Corresponding attribute name in the underlying user store
- Regular Expression : Regular expression used to validate values entered for this claim (for example when editing a user profile). Anchor it with ^ and $ so the whole value has to match, not just a prefix; a claim such as a policy identifier may later drive authorization decisions, so a partially matched value is a real risk.
- Display Order : Position of the claim among all the other claims defined under the same dialect
- Supported by Default : If unchecked, the claim is not prompted for in the user profile or in user self-registration
- Required : Marks the claim as mandatory in the user profile and in user self-registration
Example
Let's assume there is an attribute called "policyId" in the underlying user store (say OpenLDAP), and let's make it a required claim value in the user's identity using claim management.
Step 2. Go to Configure -> Claim Management UI
Step 3. Locate WSO2 Carbon claim dialect (http://wso2.org/claims)
Step 4. Create a new claim under the WSO2 Carbon claim dialect and map it to the policyId attribute
Let's define the claim as follows:
Claim Uri → http://wso2.org/claims/policyId (unique id to identify the claim)
Display Name → Policy Id (displayed name in the user profile UI and Claim Management UI)
Description → Policy Id of the User (description of the claim)
Mapped Attribute → policyId (attribute id in the user store)
Regular Expression → ^[0-9]+$ (allows only numerical values; note that both anchors are needed, since ^[0-9] on its own describes a single leading digit and, depending on how the pattern is applied, may accept a value such as 1abc)
Display Order → 3 (display order in the user profile)
Supported by Default → true (this claim is in the user profile and user self-registration by default)
Required → true (this claim is a required claim in the user profile and user self-registration)
Step 5. Go to My Identity -> My Profiles and View default profile
Step 6. Policy Id is shown as a required attribute that accepts only numerical values [0-9]
Step 7. Log out from the admin console and go to the self-registration page. Identity -> Sign-up -> User name/password
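The Python script below is an added example; it is not code from the original post or from WSO2 Identity Server. It models the structure described in the 'Claim Dialect' and 'Defining Claim' sections and then walks through the policyId example: two dialects expose the same user-store attribute under different claim URIs, the required flag is enforced on the profile, attributes are translated into claim URIs the way a token issuer would, and the regular expression is checked against the whole value. All names in it (ClaimRegistry, build_registry, regex_accepts, NUMERIC_ONLY) are hypothetical. Whether the real server applies a claim regex as a whole-value match or as a prefix search is an assumption you should verify on your own installation; regex_accepts shows both behaviours so you can see what is at stake.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Claim:
    """One claim mapping, mirroring the fields of the 'Add New Claim Mapping' form."""
    claim_uri: str                 # unique id, lives under the dialect URI
    display_name: str
    mapped_attribute: str          # attribute name in the underlying user store
    regex: Optional[str] = None    # validation pattern for entered values
    display_order: int = 0
    supported_by_default: bool = True
    required: bool = False


class ClaimRegistry:
    """Toy registry (hypothetical, not WSO2 code): dialect URI -> {claim URI -> Claim}."""

    def __init__(self) -> None:
        self._dialects: Dict[str, Dict[str, Claim]] = {}

    def add_dialect(self, dialect_uri: str) -> None:
        self._dialects.setdefault(dialect_uri, {})

    def add_claim(self, dialect_uri: str, claim: Claim) -> None:
        if dialect_uri not in self._dialects:
            raise KeyError(f"unknown dialect {dialect_uri}")
        # A claim URI is defined under its dialect, e.g. http://wso2.org/claims/policyId.
        if not claim.claim_uri.startswith(dialect_uri.rstrip("/") + "/"):
            raise ValueError(f"{claim.claim_uri} is not under dialect {dialect_uri}")
        self._dialects[dialect_uri][claim.claim_uri] = claim

    def profile_claims(self, dialect_uri: str) -> List[Claim]:
        """Claims shown on the profile / self-registration page, in display order."""
        shown = (c for c in self._dialects[dialect_uri].values() if c.supported_by_default)
        return sorted(shown, key=lambda c: c.display_order)

    def validate_profile(self, dialect_uri: str, attributes: Dict[str, str]) -> List[str]:
        """Check submitted attribute values against the dialect's claim rules.
        Returns a list of error strings; an empty list means the profile is acceptable."""
        errors: List[str] = []
        for claim in self.profile_claims(dialect_uri):
            value = attributes.get(claim.mapped_attribute, "")
            if value == "":
                if claim.required:
                    errors.append(f"{claim.display_name}: required")
                continue
            # fullmatch: the whole value must satisfy the pattern (assumed semantics).
            if claim.regex is not None and re.fullmatch(claim.regex, value) is None:
                errors.append(f"{claim.display_name}: {value!r} rejected by {claim.regex}")
        return errors

    def to_claims(self, dialect_uri: str, attributes: Dict[str, str]) -> Dict[str, str]:
        """Translate user-store attributes into the dialect's claim URIs, which is what an
        issuer (STS) would package into a token."""
        return {
            c.claim_uri: attributes[c.mapped_attribute]
            for c in self._dialects[dialect_uri].values()
            if c.mapped_attribute in attributes
        }


NUMERIC_ONLY = r"^[0-9]+$"   # anchored at both ends: the whole value must be digits


def build_registry() -> ClaimRegistry:
    """The policyId walkthrough from the post, plus the http://test.org/claims dialect
    from the 'Defining Claim Dialect' section, mapped to the same attribute."""
    reg = ClaimRegistry()
    reg.add_dialect("http://wso2.org/claims")
    reg.add_dialect("http://test.org/claims")
    reg.add_claim("http://wso2.org/claims", Claim(
        claim_uri="http://wso2.org/claims/policyId", display_name="Policy Id",
        mapped_attribute="policyId", regex=NUMERIC_ONLY, display_order=3,
        supported_by_default=True, required=True))
    # Same user-store attribute, different dialect, different claim URI (not required here).
    reg.add_claim("http://test.org/claims", Claim(
        claim_uri="http://test.org/claims/policyId", display_name="Policy Id",
        mapped_attribute="policyId", regex=NUMERIC_ONLY, display_order=1))
    return reg


def regex_accepts(regex: str, value: str, whole_value: bool) -> bool:
    """Why anchoring matters: '^[0-9]' accepts '1abc' under a prefix search and
    rejects the perfectly valid '12' under a whole-value match."""
    match = re.fullmatch(regex, value) if whole_value else re.search(regex, value)
    return match is not None


if __name__ == "__main__":
    reg = build_registry()
    # Constructed sample profiles, as submitted from the profile / sign-up page.
    print(reg.validate_profile("http://wso2.org/claims", {"policyId": "42"}))
    print(reg.validate_profile("http://wso2.org/claims", {}))
    print(reg.validate_profile("http://wso2.org/claims", {"policyId": "42a"}))
    print(reg.to_claims("http://test.org/claims", {"policyId": "42", "mail": "u@example.org"}))
    print(regex_accepts("^[0-9]", "1abc", whole_value=False), regex_accepts("^[0-9]", "12", whole_value=True))
```

The registry enforces that a claim URI sits under its dialect, which is the invariant the UI relies on when it lists claims per dialect. The two calls to regex_accepts at the end reproduce the trap in the original regex: with a prefix search, a value like 1abc passes; with a whole-value match, a two-digit policy id fails. ^[0-9]+$ behaves the same either way.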
Hey,
Thanks for sharing such an amazing and informative post. Really enjoyed reading it :)
Thanks
Apu