Versions Compared

Version Old Version 6 New Version 7
Changes made by

Cornelius Wachinger

Frank Asseg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Configuration: Display names are configured using the environment variable OAUTH_CLAIM_CONFIGURATION. This variable should contain a JSON array, where each object defines the claim attribute (=roleClaimAttribut) and the corresponding display name format (=displayNameForma) as well as an optional field for the prefix that should be ignored while parsing the role string(=prefix).

  • JSON Format: Each object in the array specifies a roleClaimAttribute, a displayNameFormat and a prefix. The display name format can include placeholders (<<>>) to dynamically insert token attributes into the display name.

  • Example Configuration:

    Code Block
    languagejson
    [
    {
        "roleClaimAttribute": "roles",
        "prefix": "I_will_be_ignored",
        "displayNameFormat": "System user <<applicationId>>"
    },
    {
        "roleClaimAttribute": "cdcm.groups",
        "displayNameFormat": "<<given_name>> <<family_name>> | <<department>>"
    }
]

  • Usage: This configuration allows display names to be dynamically generated based on user attributes, providing personalized and informative identifiers. For example, a display name might appear as "System user 12345" or "John Doe | Sales" based on the claims found in the user token.

Email To Role Admin Mapping

CDCM can add the roleAdmin Role that is created during space creation to arbitrary users by adding their email address to the environment variable ROLE_ADMINS.