wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

User local claims can be updated from a script in advanced authentication options #8401

Open striantafyllou opened 4 years ago

striantafyllou commented 4 years ago

We wrote the following script for filtering values of a user local claim depending on the service provider.

```js
var claimToFilterURI = 'http://wso2.org/claims/country';
var claimValuesToKeep = ['GREECE', 'UK'];

var onLoginRequest = function(context) {
    executeStep(1, {
        onSuccess: function(context) {
            var user = context.steps[1].subject;
            var claimValue = user.localClaims[claimToFilterURI];
            Log.info('JS - Before Filtering ' + claimValue);

            // Keep only the values allowed for this service provider.
            var newClaimValue = [];
            claimValuesToKeep.forEach(function (item, index) {
                if (claimValue.indexOf(item) !== -1) {
                    newClaimValue.push(item);
                }
            });

            // Either assignment below writes the new value to the user store.
            if (newClaimValue.length) {
                user.localClaims[claimToFilterURI] = newClaimValue.toString();
            } else {
                user.localClaims[claimToFilterURI] = '';
            }
            Log.info('JS - After Filtering' + user.localClaims[claimToFilterURI]);
        }
    });
};
```

The following lines

```js
user.localClaims[claimToFilterURI] = newClaimValue.toString();
user.localClaims[claimToFilterURI] = '';
```

filter the value of the local claim to either the desired values for the specific provider or to no value at all. Either code updates the user's local claim value in the user local store.

Place this script in the Script Based Adaptive Configuration inside Advanced configuration of Local & Outbound Authentication Configuration under any service provider.

We expect not to alter in any way the underlying user store but rather alter the local claim's values which are to be passed to the service provider.

ruwanta commented 4 years ago

Hi @striantafyllou, this is the intended behaviour of setting a claim value of a local user.

https://github.com/wso2/carbon-identity-framework/blob/master/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/config/model/graph/js/JsClaims.java#L206

striantafyllou commented 4 years ago

Hi @ruwanta, so, is there a way to filter claim values from within script based authentication?
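
Added example, not part of the thread and not WSO2 code: a plain-JavaScript model of the behaviour discussed in this issue. `makeWriteThroughClaims` is a hypothetical stand-in for `user.localClaims` (assignments persist to the backing store, as the reply above describes), and `filterClaimValues` is a hypothetical helper that matches whole values. It assumes multi-valued claims are joined with `,`; the sample claim value is constructed.

```javascript
// Hypothetical stand-in for user.localClaims: reads come from the backing
// store and every assignment is persisted to it (write-through).
function makeWriteThroughClaims(store) {
  return new Proxy({}, {
    get: function (_target, uri) { return store[uri]; },
    set: function (_target, uri, value) { store[uri] = value; return true; }
  });
}

// Hypothetical helper: exact-match filter for a multi-valued claim string.
// Assumption: values are joined with ',' unless another separator is passed.
// A missing or empty claim yields '' instead of throwing.
function filterClaimValues(rawValue, allowed, separator) {
  if (rawValue === null || rawValue === undefined || rawValue === '') {
    return '';
  }
  var sep = separator || ',';
  var present = String(rawValue).split(sep).map(function (v) {
    return v.trim();
  });
  return allowed.filter(function (item) {
    return present.indexOf(item) !== -1;
  }).join(sep);
}

// Constructed sample data: a user whose stored country claim has three values.
function demo() {
  var uri = 'http://wso2.org/claims/country';
  var store = {};
  store[uri] = 'GREECE,UKRAINE,FRANCE';
  var claims = makeWriteThroughClaims(store);

  // Computing the filtered value only reads the claim.
  var filtered = filterClaimValues(claims[uri], ['GREECE', 'UK']);
  var storeAfterRead = store[uri];

  // Assigning it back, as the script in the issue does, changes the store.
  claims[uri] = filtered;
  return {
    filtered: filtered,
    storeAfterRead: storeAfterRead,
    storeAfterAssign: store[uri]
  };
}
```

Reading and filtering leaves the store untouched; only the assignment changes it. Matching whole values also avoids keeping `UK` when the stored value is `UKRAINE`, which a substring `indexOf` on the raw string would do.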