Claim mapping for default user metadata

  • Applies to: All BOARD Cloud subscriptions associated with a Subscription Hub and with at least one Federated Identity Provider configured

WHAT: System-defined claim mapping rules for default user metadata

When you configure a new federated identity provider without providing a valid claim mapping, the Subscription Hub will try to fill in default user metadata by importing information from commonly used assertion claims included in the ID Token sent by the federated identity provider. To do that, the system follows specific system-defined mapping rules.

The default user metadata are the following:

  • Name
  • Email
  • Phone Number
  • Culture
  • Avatar Image

 

Mapping Rules

Name 

The Name value in its most extended form is composed following this pattern: [firstname] [middlename] [surname].

If no [middlename] is found during the mapping process, the pattern is the following: [firstname] [surname].

The Name value can in some cases be equal to a specific claim value: see step 1 of mapping rules below.

 

If no valid custom mapping is set, the system will look for valid information in assertion claims received from the federated identity provider. The following mapping rules are applied top to bottom:

  1. The [surname] value is mapped to the "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" claim and the "family_name" claim. If the first claim is missing, the system will proceed to the second one.
    If one of the mapped claims mentioned above returns a valid value (i.e. not empty or whitespace), the mapping rule will continue to step 2.

    If the mapped claims mentioned above are missing (null response) or return an empty or whitespace value, the system will first look for valid data in the "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" claim and then in the "name" claim.
    The Name value will be equal to the found value and the mapping process for this specific User metadata will end.

    If all mapped claims mentioned above are missing (null response) or return an empty or whitespace value, the Name value will be equal to the previously saved value stored in the Subscription Hub and the mapping process for this specific User metadata will end.
  2. The [firstname] value is mapped to the "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" claim value and the "given_name" claim value. If no value is found in the first claim, the system will proceed to the second one.

    If both claims are missing (null response) or return an empty or whitespace value, the [firstname] value will not be included in the Name value.
  3. The [middlename] value is mapped to the "middle_name" claim value. If the claim is missing (null response) or returns an empty or whitespace value, the [middlename] value will not be included in the Name value.

Email

If no valid custom mapping is set, the system will look for valid information in assertion claims received from the federated identity provider. The following mapping rule is applied:

  • The Email value is mapped to the "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" claim and the "email" claim. If the first claim is missing or returns an empty or whitespace value, the system will proceed to the second one.

If both mapped claims mentioned above are missing (null response) or return an empty or whitespace value, the Email value will be equal to the previously saved value stored in the Subscription Hub.

 

Phone Number

If no valid custom mapping is set, the system will look for valid information in assertion claims received from the federated identity provider. The following mapping rule is applied:

  • The Phone Number value is mapped to the "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone" claim, the "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone" claim and the "phone_number" claim. If the first claim is missing or returns an empty or whitespace value, the system will proceed to the second one. If the second claim is missing or returns an empty or whitespace value, the system will proceed to the third one.

If all mapped claims mentioned above are missing (null response) or return an empty or whitespace value, the Phone Number value will be equal to the previously saved value stored in the Subscription Hub.

 

Culture

If no valid custom mapping is set, the system will look for valid information in assertion claims received from the federated identity provider. The following mapping rule is applied:

  • The Culture value is mapped to the "locale" claim.

If the mapped claim mentioned above is missing (null response) or returns an empty or whitespace value, the Culture value will be equal to the previously saved value stored in the Subscription Hub.

 

Avatar Image

If no valid custom mapping is set, the system will look for valid information in assertion claims received from the federated identity provider. The following mapping rule is applied:

  • The Avatar Image value is mapped to the "picture" claim.

If the mapped claim mentioned above is missing (null response) or returns an empty or whitespace value, the Avatar Image value will be equal to the previously saved value stored in the Subscription Hub.
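
The mapping rules on this page (the three Name steps and the ordered fallbacks for the other fields) can be modelled as follows. This is an added example, not BOARD's code: the function names and sample data are hypothetical, and it assumes the ID Token has already been validated and decoded into a flat dictionary of claims.

```python
WS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Claims tried in order for each single-value field, as listed on this page.
FALLBACKS = {
    "Email": [WS + "emailaddress", "email"],
    "Phone Number": [WS + "homephone", WS + "mobilephone", "phone_number"],
    "Culture": ["locale"],
    "Avatar Image": ["picture"],
}

def first_valid(claims, names):
    """Return the first value that is not missing, empty or whitespace."""
    for name in names:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return value  # returned unchanged; trimming is not documented
    return None

def map_name(claims, saved_name):
    # Step 1: without a usable surname, fall back to the full-name claims,
    # then to the value already stored in the Subscription Hub.
    surname = first_valid(claims, [WS + "surname", "family_name"])
    if surname is None:
        return first_valid(claims, [WS + "name", "name"]) or saved_name
    # Steps 2 and 3: first and middle name are omitted when not valid.
    first = first_valid(claims, [WS + "givenname", "given_name"])
    middle = first_valid(claims, ["middle_name"])
    return " ".join(part for part in (first, middle, surname) if part)

def map_defaults(claims, saved):
    """Apply the default rules; `saved` is the previously stored metadata."""
    profile = {"Name": map_name(claims, saved.get("Name"))}
    for field, names in FALLBACKS.items():
        profile[field] = first_valid(claims, names) or saved.get(field)
    return profile

# Constructed sample claims and stored metadata (not from a real provider).
SAMPLE_CLAIMS = {
    WS + "surname": "   ",  # whitespace only, so "family_name" is used
    "family_name": "Rossi",
    "given_name": "Anna",
    "email": "anna.rossi@example.com",
    "locale": "",           # empty, so the stored Culture is kept
}
SAMPLE_SAVED = {"Name": "A. Rossi", "Email": "old@example.com", "Culture": "it-IT"}

if __name__ == "__main__":
    for field, value in map_defaults(SAMPLE_CLAIMS, SAMPLE_SAVED).items():
        print(f"{field}: {value}")
```

Under these rules a missing or blank claim never clears a stored value, so an email address or phone number removed at the identity provider remains in the Subscription Hub until a replacement value is sent.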