    Claim mapping support to issued claims from the OIDC Generic Provider

    Before Identify 5.18, the OIDC Identity Provider by default automatically mapped incoming claims to a set of predefined claims. If an incoming claim was not in the predefined list, Identify mapped it to an unusable "urn:{provider name}:claimtype" format. Starting with version 5.18, the new Default claim mapping action setting lets you specify the mapping action for these claims.

    Default claim mapping action setting

    The Default claim mapping action setting is available in the OIDC Identity Provider under the connection's advanced settings.

    This setting offers three options for mapping claims:

    • Map to standard claim types with claim provider prefix: This is the default value for the Default claim mapping action setting. Incoming claims are mapped to standard claim types, with the claim provider's identifier added as a prefix.

    Map to standard claim types with claim provider prefix

    • Map to standard claim types without claim provider prefix: Incoming claims are mapped to standard claim types, without adding the claim provider's identifier as a prefix.

    Map to standard claim types without claim provider prefix

    • Do not map to standard claim types: Claims are not mapped to standard claim types. Instead, they are added directly to the ClaimsPrincipal object as received from the upstream identity provider.

    Note:

    • Claims "nonce", "aud", "azp", "acr", "iss", "iat", "nbf", "exp", "at_hash", "c_hash", "ipaddr", "platf", and "ver" are skipped.
    • If the bearer claim type is not found in the returned claims (i.e., the ClaimsIdentity.Name property was not found), the sub claim from the incoming claims will be used.

    Do not map to standard claim types
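
A minimal C# model of the "Do not map to standard claim types" option together with the two notes above, added here as an illustration and not Identify's own code. The sample claims, the `PassThroughModel` class and the `name` bearer claim type are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;

// Constructed sample of claims from an upstream ID token (not real data).
var incoming = new List<KeyValuePair<string, string>>
{
    new("iss", "https://upstream.example"),
    new("aud", "identify-client"),
    new("nonce", "n-0S6_WzA2Mj"),
    new("exp", "1735689600"),
    new("sub", "248289761001"),
    new("email", "alice@example.com"),
    new("groups", "finance"),
};

// "name" is an assumed bearer claim type; it is absent here, so sub is used.
var principal = PassThroughModel.Build(incoming, "name");
foreach (var c in principal.Claims)
    Console.WriteLine($"{c.Type} = {c.Value}");
Console.WriteLine($"Identity.Name = {principal.Identity?.Name}");

static class PassThroughModel
{
    // The claims the note lists as skipped.
    static readonly HashSet<string> Skipped = new(StringComparer.Ordinal)
    {
        "nonce", "aud", "azp", "acr", "iss", "iat", "nbf", "exp",
        "at_hash", "c_hash", "ipaddr", "platf", "ver",
    };

    public static ClaimsPrincipal Build(
        IEnumerable<KeyValuePair<string, string>> incoming, string bearerClaimType)
    {
        // Keep every non-skipped claim under its original type, unmapped.
        var claims = incoming
            .Where(kv => !Skipped.Contains(kv.Key))
            .Select(kv => new Claim(kv.Key, kv.Value))
            .ToList();

        // Fall back to sub when the bearer claim type was not returned.
        var nameType = claims.Any(c => c.Type == bearerClaimType) ? bearerClaimType : "sub";
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "oidc", nameType, ClaimTypes.Role));
    }
}
```

Because unmapped claims such as `groups` keep the exact type the upstream provider sent, any downstream rule that authorizes on those types should also check which connection issued them.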
