OpenID Connect Claim Definitions
Attribute definitions that specifically apply to the release of attributes as part of OpenID Connect responses can be defined using the `OidcAttributeDefinition`. Defining an attribute with this definition does not prevent it from being released by other protocols.
```json
{
  "@class": "java.util.TreeMap",
  "mail": {
    "@class": "org.apereo.cas.oidc.claims.OidcAttributeDefinition",
    "key": "mail",
    "singleValue": false,
    "structured": false,
    "trustFramework": "eidas"
  }
}
```
The following additional settings can be specified for an OpenID Connect attribute definition:
| Name | Description |
|---|---|
| `singleValue` | Default is `false`. Determines if the attribute should be produced as a single-value claim if it has only a single value. |
| `structured` | Default is `false`. Determines if the resulting attribute should be encoded as a hierarchical/structured attribute, activated only if the name assigned to the attribute definition indicates a hierarchical layout such as `parent.child.child`. |
| `trustFramework` | Default is empty. Name of the identity assurance trust framework that would force CAS to mark this claim as a verified claim. |
To learn more about attribute definitions, please see this guide.
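
How the three settings in the table above combine, as an added Python illustration that is not CAS code. The `name` field, the sample values, and the `verified_claims` layout (taken from OpenID Connect for Identity Assurance and emitted here as a list) are assumptions of this sketch, and the output CAS actually produces may differ in detail.

```python
# Illustrative model only: NOT CAS source code. Flag names mirror the table
# above; the "name" field and the exact output layout are assumptions.

def shape_claims(definitions, attributes):
    """Return an OIDC claims dict for resolved attributes (lists of values)."""
    claims, verified = {}, {}
    for key, d in definitions.items():
        values = attributes.get(key)
        if not values:
            continue
        # singleValue: collapse only when exactly one value is present.
        value = values[0] if d.get("singleValue") and len(values) == 1 else list(values)
        name = d.get("name", key)
        framework = d.get("trustFramework")
        # trustFramework: route the claim into that framework's verified set.
        target = verified.setdefault(framework, {}) if framework else claims
        # structured: applies only when the name has a dotted layout.
        if d.get("structured") and "." in name:
            *parents, leaf = name.split(".")
            node = target
            for part in parents:
                node = node.setdefault(part, {})
            node[leaf] = value
        else:
            target[name] = value
    if verified:
        # Assumed layout: one verified_claims entry per trust framework.
        claims["verified_claims"] = [
            {"verification": {"trust_framework": fw}, "claims": c}
            for fw, c in sorted(verified.items())
        ]
    return claims

# Constructed sample definitions and attribute values.
DEFINITIONS = {
    "mail": {"key": "mail", "singleValue": False, "structured": False,
             "trustFramework": "eidas"},
    "city": {"key": "city", "name": "organization.address.city",
             "singleValue": True, "structured": True},
    "groups": {"key": "groups", "singleValue": True},
}
ATTRIBUTES = {"mail": ["user@example.org"], "city": ["Oslo"],
              "groups": ["staff", "admins"]}

if __name__ == "__main__":
    import json
    print(json.dumps(shape_claims(DEFINITIONS, ATTRIBUTES), indent=2))
```

A relying party should treat only the entries under `verified_claims` as carrying the named framework's assurance, so setting `trustFramework` on an attribute whose source does not meet that framework overstates what the claim proves.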