You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

SubjectJAVA PropertyExplanation

blueriq.security.jwt-claims.roles-path

A JsonPath expression to the roles claim in the JWT body. 

For example, if the JWT body contains below claims, this property should be set to $.realm_access.roles in order to indicate that the roles claim nested within the realm_access claim represents the roles. 

{
  ... other claims ...
  "realm_access": [
    "roles": ["role1", "role2"]
  ]
  ... other claims ...
}


application.properties


blueriq.security.jwt-claims.teams-path

A JsonPath expression to the teams claim in the JWT body. 

See roles-path above for more information.

application.properties


blueriq.security.jwt-claims.role-mapping.<role-claim>

Maps a role claim to zero, one or multiple Blueriq roles. If a role claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.role-mapping.employee=authenticated_user,vu_employee

(all users which have the employee role at the identity provider will have the authenticated_user and vu_employee roles in Blueriq)

application.properties


blueriq.security.jwt-claims.team-mapping.<team-claim>

Maps a team claim to zero, one or multiple Blueriq teams. If a team claim does not have a mapping, it is considered to have an implicit identity mapping.

Example: blueriq.security.jwt-claims.team-mapping.amsterdam=europe,netherlands

(all users which have the amsterdam team at the identity provider will have the europe and netherlands teams in Blueriq)

application.properties


blueriq.security.jwt-claims.username-path

A JsonPath expression to the usernameclaim in the JWT body. 

See roles-path above for more information.

If no value is specified, the default value is used: $.preferred_username.

application.properties


blueriq.security.jwt-claims.claim-mapping.<key-id>=<value>

Additional optional custom parameter to retrieve a claim from the JWT and place it in the Authentication under the specified key. The value should be a JsonPath expression to the claim in the JWT body.

Only (lists of) strings, numbers and booleans are supported. These values will all be converted to strings.

See roles-path above for more information.

These claims can be retrieved to the profile using the GetAuthenticationClaims service.

application.properties