Claims source SPI

1. OpenID Connect claims

OpenID Connect permits client applications to retrieve claims, or assertions, about the end-user upon successful login. The claims can be passed to clients in two different ways -- by making them available at the protected UserInfo endpoint (requires an access token), or by including them in the issued ID token.

Example claims about a logged-in user:

{
  "sub"         : "248289761001",
  "name"        : "Jane Doe",
  "given_name"  : "Jane",
  "family_name" : "Doe",
  "email"       : "[email protected]",
  "picture"     : "http://example.com/janedoe/me.jpg"
}

2. Claims source SPI

The Connect2id server comes with a flexible Java Service Provider Interface (SPI) to enable collection of claims from one or more arbitrary data sources, such as:

  • Active Directory / LDAP (supported out-of-the-box)
  • SQL and NoSQL databases
  • SCIM web service
  • HR management system

The claims source SPI is defined in the Connect2id server toolkit, which is open source (Apache 2.0). You can freely use it to create your own connectors:

https://bitbucket.org/connect2id/server-sdk

Features of the claims source SPI:

  • Enables initialisation of the claims source from a chosen configuration file.

  • Provides a method to let the Connect2id server discover what claims the
    source supports.

  • Supports language tags (BCP47).

  • Enables implementations to release resources on Connect2id server shutdown.
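
The four features above, sketched as an added example that is not code from the Connect2id SDK. The DemoClaimsSource interface, the claims.supported config key and the in-memory record are hypothetical stand-ins; the real interface and its signatures are defined in the server SDK linked above. The source releases only claims that were both requested and advertised as supported.

```java
import java.util.*;

// Hypothetical stand-in for the SPI contract; the real interface and its
// signatures are defined in the Connect2id server SDK.
interface DemoClaimsSource {
    void init(Properties config);
    Set<String> supportedClaims();
    Map<String, Object> getClaims(String subject, Set<String> requested, List<String> langTags);
    void shutdown();
}

public class InMemoryClaimsSource implements DemoClaimsSource {
    private final Map<String, Map<String, Object>> store = new HashMap<>();
    private final Set<String> supported = new HashSet<>();

    @Override public void init(Properties config) {
        // Assumed config key: comma-separated claims this source may release
        for (String c : config.getProperty("claims.supported", "").split(","))
            if (!c.isBlank()) supported.add(c.trim());
        // Constructed record; a real connector opens its LDAP/SQL/SCIM connection here
        store.put("248289761001", Map.of("name", "Jane Doe", "given_name", "Jane",
                "family_name", "Doe", "name#de", "Jane Doe (de)"));
    }

    @Override public Set<String> supportedClaims() {
        return Collections.unmodifiableSet(supported);
    }

    @Override public Map<String, Object> getClaims(String subject, Set<String> requested, List<String> langTags) {
        Map<String, Object> out = new TreeMap<>();
        Map<String, Object> rec = store.get(subject);
        if (rec == null) return out;                       // unknown subject: release nothing
        for (String claim : requested) {
            if (!supported.contains(claim)) continue;      // never release unadvertised claims
            if (rec.containsKey(claim)) out.put(claim, rec.get(claim));
            for (String tag : langTags) {                  // BCP47 variants use the "claim#tag" form
                String key = claim + "#" + tag;
                if (rec.containsKey(key)) out.put(key, rec.get(key));
            }
        }
        return out;
    }

    @Override public void shutdown() { store.clear(); }    // release held resources

    public static void main(String[] args) {
        InMemoryClaimsSource src = new InMemoryClaimsSource();
        Properties cfg = new Properties();
        cfg.setProperty("claims.supported", "name,given_name,family_name");
        src.init(cfg);
        System.out.println(src.getClaims("248289761001", Set.of("name", "email"), List.of("de")));
        src.shutdown();
    }
}
```

Save as InMemoryClaimsSource.java and run with Java 11 or later. The email claim is requested but not released, because the source was not configured to support it.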

3. LDAP claims source implementation

The available LDAP claims source implementation is a useful example for developing other connectors. It is also open source and can be freely modified:

https://bitbucket.org/connect2id/openid-connect-ldap-claims-source

4. Receiving support

Our Connect2id support team is available if you need help with integrating a particular claims source.