Layer7 API Management

  • 1.  invoke webservice in CA MAG /userinfo request

    Posted Mar 01, 2019 10:05 AM

    Hi,

    We want to get profile information from a REST service and update the userinfo response, and the REST service is protected with an access token. The OTK User Attribute Look Up Extension does not have the access token available to invoke the REST service. Please let me know if there are any suggestions.



  • 2.  Re: invoke webservice in CA MAG /userinfo request

    Broadcom Employee
    Posted Mar 03, 2019 04:59 PM

    The default /openid/connect/v1/userinfo will use the OTK User Attribute Look Up assertion to retrieve user attributes from an IDP. The OTK User Attribute Look Up Extension assertion is part of the OTK User Attribute Look Up assertion. Validating the token is done before the OTK User Attribute Look Up assertion.

    Please clarify your purpose in invoking a REST service with the token in the OTK User Attribute Look Up Extension assertion.



  • 3.  Re: invoke webservice in CA MAG /userinfo request

    Posted Mar 04, 2019 04:34 PM

    Hi Zhijun,

    CA MAG is acting as an OP provider, and Gigya invokes CA MAG as a 3rd-party OP provider. Based on Gigya's input, it can only invoke standard OpenID endpoints (/userinfo) to get user information after authentication. All the necessary user information cannot be retrieved from the LDAP user store to update the userinfo endpoint, and we have to invoke an internal REST service to query the user information. Please let me know if there is any workaround to invoke the service.

    Thanks,

    Kamala



  • 4.  Re: invoke webservice in CA MAG /userinfo request

    Broadcom Employee
    Posted Mar 04, 2019 05:15 PM

    Dear Kamala,

    The OOTB /userinfo only returns a hardcoded user, "Darth Vader"; only 'sub', 'preferred_username' and 'user_role' are real. That's because OTK will not know which IDP (user store) you're going to use, so it cannot return the real user attributes.

    You would need to modify the OTK User Attribute Look Up Extension policy to retrieve the real user attributes. Rather than "invoke an internal rest service", you would just create an LDAP IDP to connect to your LDAP user store and use the Query LDAP assertion to query the user information.

    Regards,

    Mark
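    The shape of the /userinfo pipeline the two answers above describe (token validated first, then the attribute lookup, then an optional extension step), as an added example that is not part of this thread and not Layer7/OTK policy code. It is a plain Python sketch: the token store, the LDAP directory and the internal profile service are all constructed in-memory stand-ins, and the function and record names are assumptions. The point it makes is that once the gateway has validated the bearer token, the extension step can query the internal service by the established subject rather than needing the raw access token, and that enrichment is gated by the token's scope so the richer response never exceeds what the token authorised.

```python
"""Illustrative /userinfo pipeline: validate bearer token, then enrich claims.

Added example; not Layer7/OTK policy code. The token store, directory and
internal profile service below are constructed in-memory stand-ins.
"""
import time

# Constructed stand-in for the gateway's access-token store. OTK validates
# the token before the user-attribute lookup runs; this mimics that check.
TOKEN_STORE = {
    "tok-abc123": {"sub": "kamala", "scope": {"openid", "profile"}, "exp": 4102444800},
    "tok-expired": {"sub": "kamala", "scope": {"openid"}, "exp": 0},
    "tok-noopenid": {"sub": "kamala", "scope": {"api.read"}, "exp": 4102444800},
}

# Constructed stand-in for the LDAP user store queried by the lookup step.
DIRECTORY = {
    "kamala": {"preferred_username": "kamala", "user_role": "analyst"},
}

# Constructed stand-in for the internal REST profile service. It is keyed by
# the subject the gateway has already established, so the raw access token
# never has to be forwarded to it.
INTERNAL_PROFILE_SERVICE = {
    "kamala": {"email": "kamala@example.invalid", "department": "payments"},
}


def validate_bearer(auth_header, now=None):
    """Return the token record for a valid 'Bearer <token>' header, else None."""
    now = time.time() if now is None else now
    if not auth_header:
        return None
    scheme, _, value = auth_header.partition(" ")
    if scheme.lower() != "bearer" or not value.strip():
        return None
    record = TOKEN_STORE.get(value.strip())
    if record is None or record["exp"] <= now:
        return None
    return record


def lookup_directory(sub):
    """The attribute lookup against the user store (the LDAP IDP in the thread)."""
    return dict(DIRECTORY.get(sub, {}))


def lookup_internal_profile(sub):
    """The extension step: call the internal service by subject, not by token."""
    return dict(INTERNAL_PROFILE_SERVICE.get(sub, {}))


def userinfo(auth_header, now=None):
    """Return (http_status, body) for a userinfo request."""
    token = validate_bearer(auth_header, now)
    if token is None:
        return 401, {"error": "invalid_token"}
    if "openid" not in token["scope"]:
        return 403, {"error": "insufficient_scope"}
    sub = token["sub"]
    claims = {"sub": sub}
    claims.update(lookup_directory(sub))
    # Release the richer profile claims only when the token carries the
    # matching scope, so enrichment does not widen what the token authorised.
    if "profile" in token["scope"]:
        claims.update(lookup_internal_profile(sub))
    return 200, claims


if __name__ == "__main__":
    for header in ("Bearer tok-abc123", "Bearer tok-expired", "Bearer tok-noopenid", None):
        print(header, "->", userinfo(header, now=1_700_000_000))
```

    Mapping this back to the gateway: the validation step corresponds to the token check that runs before the lookup assertion, `lookup_directory` to the Query LDAP assertion, and `lookup_internal_profile` to whatever the extension policy does with the already-resolved subject. Keeping the internal call keyed on the subject also means a compromise of that internal service does not expose live access tokens.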



  • 5.  Re: invoke webservice in CA MAG /userinfo request

    Broadcom Employee
    Posted Mar 11, 2019 11:26 AM

    Hi,

    Did the answers on this thread answer your question? If so, please mark it as the right answer.
    If your question is not answered or you still have additional questions, please let us know.

    With Kind Regards,

    Dirk