Subject | JAVA Property | Explanation

blueriq.security.jwt-claims.roles-path

A JsonPath expression to the roles claim in the JWT body.

For example, if the JWT body contains the claims below, this property should be set to $.realm_access.roles in order to indicate that the roles claim nested within the realm_access claim represents the user's roles.

Code Block
{
  ... other claims ...
  "realm_access": {
    "roles": ["role1", "role2"]
  }
  ... other claims ...
}

Before Blueriq 16.7, the expression was a comma-separated list of path segments ("realm_access,roles" for the claims above). Please refer to the Legacy Properties for more information on the legacy format and how to enable it.



blueriq.security.jwt-claims.teams-path

A JsonPath expression to the teams claim in the JWT body.

See roles-path above for more information.



blueriq.security.jwt-claims.role-mapping.<role-claim>

Maps a role claim to zero, one or multiple Blueriq roles. If a role claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee

(all users who have the employee role at the identity provider will have the authenticated_user and vu_employee roles in Blueriq)



blueriq.security.jwt-claims.team-mapping.<team-claim>

Maps a team claim to zero, one or multiple Blueriq teams. If a team claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.team-mapping.amsterdam=europe,netherlands

(all users who have the amsterdam team at the identity provider will have the europe and netherlands teams in Blueriq)



blueriq.security.jwt-claims.username-path

A JsonPath expression to the username claim in the JWT body. For example, if the JWT body contains the following claims:

Code Block
{
  ... other claims ...
  "realm_access": {
    "nickname": "username"
  }
  ... other claims ...
}

then in the legacy comma-separated format this property is set to "realm_access,nickname" in order to indicate that the nickname claim nested within the realm_access claim represents the username.

See roles-path above for more information.

Auth0 will include the claim nickname in the JWT body when the scope profile is added to the list of scopes. We suggest setting this property to "nickname" when using Auth0.

If no value is specified, the default value is used: $.preferred_username.



blueriq.security.jwt-claims.claim-mapping.<key-id>=<value>

An optional custom parameter that retrieves a claim from the OpenID Connect JWT token and places it in the Authentication under the specified key. The value should be a JsonPath expression to the claim in the JWT body.

Only (lists of) strings, numbers and booleans are supported. These values will all be converted to strings.

See roles-path above for more information. See also the OpenID Connect configuration page.

These claims can be retrieved to the profile using the GetAuthenticationClaims service.
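
The roles-path and role-mapping rules described above, worked through on constructed input to show which roles a token ends up with and which of them arrive through the implicit identity mapping. This is an added example, not Blueriq code: it resolves only simple `$.a.b` expressions, and it assumes that an empty property value is how a claim is mapped to zero roles.

```python
import json

# Constructed sample JWT body (not taken from a real identity provider).
JWT_BODY = json.loads("""{
  "preferred_username": "jdoe",
  "realm_access": {"roles": ["employee", "auditor", "legacy_app", "administrator"]}
}""")

# Constructed configuration using the property names documented on this page.
PROPERTIES = """
blueriq.security.jwt-claims.roles-path=$.realm_access.roles
blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee
blueriq.security.jwt-claims.role-mapping.legacy_app=
"""
PREFIX = "blueriq.security.jwt-claims."

def parse_properties(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def resolve(body, path):
    """Resolve a simple dotted JsonPath ($.a.b); filters and wildcards are not handled."""
    if not path.startswith("$."):
        raise ValueError("only simple '$.a.b' expressions are supported here")
    node = body
    for segment in path[2:].split("."):
        if not isinstance(node, dict) or segment not in node:
            return None  # claim absent from the token
        node = node[segment]
    return node

def effective_roles(body, props):
    """Return (granted roles, role claims that passed through unmapped)."""
    claims = resolve(body, props[PREFIX + "roles-path"]) or []
    granted, passthrough = [], []
    for claim in [claims] if isinstance(claims, str) else claims:
        key = PREFIX + "role-mapping." + claim
        if key in props:  # explicit mapping: zero, one or multiple roles
            granted += [r.strip() for r in props[key].split(",") if r.strip()]
        else:             # no mapping: implicit identity mapping
            granted.append(claim)
            passthrough.append(claim)
    return granted, passthrough

if __name__ == "__main__":
    roles, unmapped = effective_roles(JWT_BODY, parse_properties(PROPERTIES))
    print("granted:", roles)
    print("granted via implicit identity mapping (review these):", unmapped)
```

Every name in the second list is a role the identity provider can grant in Blueriq without any property mentioning it, so that list is the one to review when auditing a configuration.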
