OpenId Connect with wso2 returns only sub claim

Question

When I ask the information of the user WSO2, the response contains only his sub.

Request GET https://srv-wso2.domain.com:9443/oauth2/userinfo?schema=openid
Request headers {Accept=[application/json, application/*+json], Authorization=[Bearer 50ff3e7940248bdc01e2c1d33de77537], Content-Length=[0]}
Response body {"sub":"RECIF/arnaud@carbon.super"}

In repository/conf/identity/identity.xml file, OpenIdConnect is configured to use http://wso2.org/claims as UserInfoEndpointClaimDialect.

I use an Active Directory as user store. And in claims configuration, some mappings should be hit like displayName or givenName or fullname.

Any ideas ?

Edit: I have the same problems with the playground2 application. I use WSO2 5.1.0

Please see the answer http://stackoverflow.com/questions/41281292/wso2-identity-server-oauth-userinfo-only-returns-sub/41319597#41319597 — Prabudda Sri Rahal, Dec 25 '16 at 08:08

score 4 · Answer 1 · answered Jan 20 '16 at 23:24

4

There is an opened bug: https://wso2.org/jira/browse/IDENTITY-4250 and a pull request has made: https://github.com/wso2/carbon-identity/pull/1677

answered Jan 20 '16 at 23:24

Arnaud

742
7
23

score 1 · Answer 2 · answered Dec 01 '16 at 12:03

1

It seems like we have to wait 5.3.0 version... https://wso2.org/jira/browse/IDENTITY-4250 resolved 2 days ago.

answered Dec 01 '16 at 12:03

LukeT

83
1
9

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page change – Divyang Desai Dec 01 '16 at 12:24
I tried the version 5.3.0rc1. The problem is still present! – LukeT Jan 03 '17 at 16:40
Release 5.3.0 did not fix it either. Any update on the issue ? I am struggling with similar problem for response type id_token. – Radek Adamiec Jan 13 '17 at 16:42
I found a solution using 5.3 version. If you want to see the other claims you have to configure a scope from wso2is interface. From left menu go on **Registry** - **Browse** than select /system/config/oidc and configure a openid scope with the claims you need. In my wso2is there are not scope defined... but I made a porting from wso2is 5.0 to 5.3, I didn't install a 5.3 directly. – LukeT Jan 16 '17 at 08:31

score 0 · Answer 3 · answered Jul 25 '16 at 17:02

If you would like to confirm this bug using a template Spring Boot project please see the following: https://github.com/nicodewet/template-spring-boot-oauth2-wso2-is

As you will note in the README.md of the cited project, the bug relates to the response to the HTTP GET request to https://localhost:9444/oauth2/userinfo?schema=openid appearing as follows in the response body.

{"sub":"nicodewet@carbon.super"}

OpenId Connect with wso2 returns only sub claim

3 Answers3

Linked