OpenID Connect - How to retrieve group membership (e.g. isMemberOf) with the userinfo endpoint?

Question

I have OpenID Connect configured in OpenAM (OpenAm is the provider). Now I'm trying to retrieve the group membership of a user via the userinfo endpoint.

Authentication was successful and I retrieved the access_token, the id_token and the user profile. But I was not able to include the groups. What is missing? Is this even possible? Do I have to write my own ScopeHandler?

Regards

Kirby

Answer 1

You will need to add "memberOf" to your scopes configuration in your agent setting on OpenAM. After that make a request using that scope as well. The values will be comma separated groups as in your AD.