View Issue Details

ID: 0010237
Project: 10000-018: Role-Based Security
Category: Spec
View Status: public
Last Update: 2025-06-05 19:05
Reporter: Matthias Damm
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: assigned
Resolution: reopened
Product Version: 1.05.04
Fixed in Version: 1.05.06 RC1
Summary: 0010237: JWT 'sub' cannot be mapped to a Role
Description

At the moment we are only able to map roles and groups claims in a JWT to a Role using the Identity Mapping criteriaTypes 'Role' and 'GroupId'.

There is no way to map 'sub' or 'iss' + 'sub' to a Role.

A proposal from Randy to solve this was to add an Identity Mapping criteriaType 'Claim' that allows us to map different Claims to a Role.

Tags: No tags attached.
Commit Version:
Fix Due Date:

Relationships

related to 0010235 closed Randy Armstrong 10000-006: Mappings Clarifications for JWT Issued User Identity Tokens

Activities

Matthias Damm

2025-06-05 18:32

developer   ~0022978

4.4.3 IdentityMappingRuleType
Added
If the criteriaType is Claim, the criteria is a JSON object with a key value pair list with the subset of the fields of the JWT IssuedIdentityToken to evaluate. An example is {"iss": "MyIssuer", "name": "John Doe"} where the Role is assigned if the JWT contains an "iss" field with the value "MyIssuer" and a "name" field with the value "John Doe".

4.4.4 IdentityCriteriaType
Added
Claim | 10 | The rule specifies the fields in an Access Token.
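
The Claim rule evaluation described in the note above, as an added example that is not part of the issue or of the specification text. The function names, sample roles and sample tokens are constructed; strict type comparison and rejecting an empty criteria object are assumptions of this sketch, not wording from the proposal.

```python
import json

def claim_rule_matches(criteria, claims):
    """True if every key/value pair in the Claim criteria is present in the JWT claims.

    `claims` must come from a token whose signature, issuer and lifetime were
    already validated; this function only performs the Role mapping step.
    """
    try:
        wanted = json.loads(criteria)
    except json.JSONDecodeError:
        return False
    # Assumption: criteria that is not a non-empty JSON object never matches,
    # because an empty subset ({}) would otherwise grant the Role to every token.
    if not isinstance(wanted, dict) or not wanted:
        return False
    for key, value in wanted.items():
        if key not in claims:
            return False
        actual = claims[key]
        # Assumption: same JSON type and same value ("42" != 42, true != 1).
        if type(actual) is not type(value) or actual != value:
            return False
    return True

def roles_for(claims, rules):
    """Return the set of Roles whose Claim criteria match the validated claims."""
    return {role for criteria, role in rules if claim_rule_matches(criteria, claims)}

# Constructed sample rules: (criteria JSON, Role name).
RULES = [
    ('{"iss": "MyIssuer", "name": "John Doe"}', "Operator"),  # example from the note
    ('{"iss": "MyIssuer", "sub": "user-17"}', "Engineer"),    # 'iss' + 'sub'
    ('{"sub": "user-17"}', "Observer"),                       # 'sub' alone
    ('{}', "SecurityAdmin"),                                  # empty criteria, never matches
]

# Constructed sample claims: same 'sub' and 'name', different issuers.
TOKEN_A = {"iss": "MyIssuer", "sub": "user-17", "name": "John Doe"}
TOKEN_B = {"iss": "OtherIssuer", "sub": "user-17", "name": "John Doe"}

if __name__ == "__main__":
    print(sorted(roles_for(TOKEN_A, RULES)))
    print(sorted(roles_for(TOKEN_B, RULES)))
```

The 'sub'-only rule also matches the token from the second issuer, since 'sub' is only guaranteed unique within one issuer; pairing it with 'iss' in the criteria binds the Role to a single identity.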

Matthias Damm

2025-06-05 19:03

developer   ~0022980

We decided to keep the feature in the backlog and wait for concrete use cases.

Issue History

Date Modified Username Field Change
2025-03-14 21:42 Matthias Damm New Issue
2025-03-14 21:42 Matthias Damm Status new => assigned
2025-03-14 21:42 Matthias Damm Assigned To => Matthias Damm
2025-03-14 21:42 Matthias Damm Relationship added related to 0010235
2025-03-15 15:56 Jim Luth Fix Due Date => 2025-05-01
2025-03-15 15:57 Jim Luth Commit Version => 1.05.06 RC1
2025-06-05 18:32 Matthias Damm Status assigned => resolved
2025-06-05 18:32 Matthias Damm Resolution open => fixed
2025-06-05 18:32 Matthias Damm Fixed in Version => 1.05.06 RC1
2025-06-05 18:32 Matthias Damm Note Added: 0022978
2025-06-05 19:03 Matthias Damm Status resolved => feedback
2025-06-05 19:03 Matthias Damm Resolution fixed => reopened
2025-06-05 19:03 Matthias Damm Note Added: 0022980
2025-06-05 19:04 Matthias Damm Status feedback => assigned
2025-06-05 19:05 Jim Luth Target Version 1.05.06 RC1 =>
2025-06-05 19:05 Jim Luth Commit Version 1.05.06 RC1 =>
2025-06-05 19:05 Jim Luth Fix Due Date 2025-05-01 =>