Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Claim missing with wlcg enabled client #622

Closed
dmichelotto opened this issue Jun 20, 2023 · 3 comments · Fixed by #651
Closed

Claim missing with wlcg enabled client #622

dmichelotto opened this issue Jun 20, 2023 · 3 comments · Fixed by #651
Assignees
@enricovianello
Labels
kind/task

Comments

@dmichelotto
Copy link

If I create a client with these scopes "openid profile offline_access email wlcg wlcg.groups", that enable the wlcg profile for that client, and generate a token with that client, claim like email, preferred_username are missing. These claims are required in openstack keystone mapping for our security policy.
@enricovianello
Copy link
Member

Probably you have property iam.access_token.include_authn_info: true in your application.yml file that enable the additional claims you mentioned into your access token. This variable is not used within the WLCG JWT profile so a fix could be making the setting of that property relevant also in case of a WLCG JWT. But we need to understand if this is compatible with WLCG profile. I guess yes but If not, an alternative could be providing you a new JWT profile that extends the WLCG one and adds those additional claims. We need to discuss this internally. We'll let you know.

@dmichelotto
Copy link
Author

Many thanks for the explanation. I'll wait for your response.

@enricovianello enricovianello self-assigned this Jul 6, 2023
@maarten-litmaath
Copy link

Hi all,
adding existing standard claims should be fine.

@rmiccoli rmiccoli linked a pull request Sep 13, 2023 that will close this issue
Add OpenID Connect standard claims in ATs for WLCG JWT profile #651
Merged
@rmiccoli rmiccoli added this to v1.8.3 Sep 14, 2023
@rmiccoli rmiccoli moved this to On review in v1.8.3 Sep 14, 2023
@enricovianello enricovianello moved this from On review to Done in v1.8.3 Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@enricovianello enricovianello

Labels
kind/task
Projects
No open projects
v1.8.3
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add OpenID Connect standard claims in ATs for WLCG JWT profile indigo-iam/iam
4 participants
@dmichelotto @enricovianello @maarten-litmaath @rmiccoli