[
https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16080785#comment-16080785
]
Jan Bernhardt commented on FEDIZ-203:
-------------------------------------
According to [1], scopes can be and are used to map 1:many claim values. I
refactored the code so that this mapping is now included in the
FedizSubjectCreator.

Once my tests are done, I'll attach my patch files to this issue so that you
can review my changes before I push them to master.

The current handling of roles with the SOAP Namespace did not look convenient
to me, so I also refactored this part to support "roles" by default. Of course,
it will still be possible to use another name for this by applying a custom
mapping. I know that the standard does not provide a name specification, but I
think "roles" still fits an OIDC/OAuth use case better than the SOAP Namespace,
which is also not a real standard, by the way. ;-)

[1] http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
> Support "roles" scope
> ---------------------
>
> Key: FEDIZ-203
> URL: https://issues.apache.org/jira/browse/FEDIZ-203
> Project: CXF-Fediz
> Issue Type: New Feature
> Components: OIDC
> Reporter: Jan Bernhardt
> Assignee: Jan Bernhardt
> Fix For: 1.4.1
>
>
> OIDC currently only supports role claims if they are requested as "claims"
> but not via "scope". The goal of this JIRA issue is to add support for a "roles"
> scope.