About Claims
On an abstract level, claims are statements that a subject (such as a user) makes about itself or another subject. In practical terms, these claims are attributes representing certain data about the user, packaged in a token (either ID token or access token) issued to the client application. You can control how these claims are issued and group them in scopes.
You can also control how SAML Assertion Attributes Coming From IDP are sent to SAML Service Providers.
Prerequisites
- Access to a Cloudentity tenant with at least one authorization server
- IDPs are connected and configured.
- Authentication context is configured (if you want to set up claims based on the authentication context).
- Client application is connected and configured (if you want to set up claims based on the client data).
Add Claim
In the video below, we are adding a custom claim based on authentication context data. This claim represents the user’s phone number, as provided by the IDP in use (hence the AuthN Context source type). In the source path, we select Phone, which originally comes from the claim sent by the IDP and is mapped to Cloudentity’s authentication context.
- From the workspace sidebar, select Auth Settings > Tokens > Claims.
Result: Predefined claims are displayed.
- Select a list label (ID Tokens, Access Tokens, SAML Assertion attributes - only when SAML is enabled in your tenant) to toggle the display of claims on the list.
- To preview claim details, select a claim from the list.
Result: The Edit claim dialog box opens and displays claim details: Claim name, Source type, Source path and Scopes.
Note
In the Edit claim dialog box, you can also edit claim details. Source values are defined in the authentication context.
- To create a new claim:
- Select ADD CLAIM from the list header.
Result: The Add claim dialog box gets displayed.
- In the Add claim dialog box, set the claim details.
Parameter - Description
- Claim name: Claim name in Cloudentity.
- Source type: How the source value for the claim is retrieved. Authentication context is a set of attributes mapped from data sent by the IDP acting on behalf of the user, whereas Client means an application registered in Cloudentity.
- Source path: Specific attribute available in the source.
- Output source path: Exact attribute name representing this claim in the token.
- Scopes: A token with this claim is only issued as part of a scope defined in this field. If this field is empty, this claim is always issued with the token - you could say it’s global.
- SAML Name: SAML attribute name issued with your Service Provider’s assertion, for example urn:oid:2.5.4.10. Only available with SAML enabled in your tenant.
- SAML Attribute Format: SAML attribute format, for example urn:oasis:names:tc:SAML:2.0:attrname-format:uri. Only available with SAML enabled in your tenant.
- Select Add to save your new claim. Your claim is now added to the list.
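The following is an added example, not Cloudentity code: a small Python model of the claim-issuance rules described in the table above (source type, source path, output source path, and scope gating), so you can see which claims a token carries for a given set of granted scopes. The claim definitions, authentication context and client record are constructed sample data; the field names are assumptions.

```python
"""Model of the claim rules described on this page (added example, not
Cloudentity's implementation). A claim definition has a source type
("authn_context" or "client"), a source path, an output source path and
an optional set of scopes. A claim with scopes is issued only when one of
those scopes was granted; a claim with no scopes is always issued (global)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ClaimDef:
    name: str
    source_type: str                 # "authn_context" or "client"
    source_path: str                 # attribute in the chosen source
    output_path: str                 # attribute name written into the token
    scopes: frozenset = frozenset()  # empty = global, always issued


def issue_claims(defs, authn_context, client, granted_scopes):
    """Return the claims a token would carry for the granted scopes."""
    sources = {"authn_context": authn_context, "client": client}
    granted = set(granted_scopes)
    token = {}
    for d in defs:
        if d.source_type not in sources:
            raise ValueError(f"unknown source type: {d.source_type}")
        if d.scopes and not (d.scopes & granted):
            continue  # scope gate: none of the claim's scopes granted, withhold it
        value = sources[d.source_type].get(d.source_path)
        if value is None:
            continue  # source attribute absent: emit no empty claim
        token[d.output_path] = value
    return token


# Constructed sample definitions, mirroring the phone-number example above.
CLAIMS = [
    ClaimDef("phone", "authn_context", "phone", "phone_number", frozenset({"phone"})),
    ClaimDef("email", "authn_context", "email", "email", frozenset({"email", "profile"})),
    ClaimDef("client_name", "client", "client_name", "azp_name"),  # global claim
]

# Constructed authentication context (mapped from IDP data) and client record.
AUTHN_CONTEXT = {"sub": "alice", "phone": "+15555550100", "email": "alice@example.com"}
CLIENT = {"client_id": "c1", "client_name": "Demo App"}

if __name__ == "__main__":
    # The phone claim is withheld because the "phone" scope was not granted.
    print(issue_claims(CLAIMS, AUTHN_CONTEXT, CLIENT, ["openid", "email"]))
```

Scoping a sensitive attribute such as the phone number this way keeps it out of tokens for clients that were not granted that scope; only claims with an empty Scopes field reach every token.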
Edit Claim
- Select an existing claim from the list of claims in the Claims view.
- In the Edit claim pop-up window, modify the claim data. Save the changes to the claim by selecting Update.
Remove Claim
- To remove a claim, select the trash can icon for the claim that you want to delete.
- In the Delete claim pop-up window, select Yes, delete to confirm the removal of the claim.
Warning
This action is permanent and cannot be undone.