diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCStandardScope.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCStandardScope.java
index 57aa9dda27..4464173a22 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCStandardScope.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/OIDCStandardScope.java
@@ -24,6 +24,9 @@ public enum OIDCStandardScope {
 address,
 email,
 profile,
- phone;
+ phone,
+ offline_access,
+ device_sso,
+ assurance;
 
 }
diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
index f7fc7325b6..de0cb69eab 100644
--- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
+++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/DefaultAttrReleaseMapper.java
@@ -38,6 +38,7 @@
 import org.apereo.cas.configuration.support.TriStateBoolean;
 import org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy;
+import org.apereo.cas.oidc.claims.OidcAssuranceScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy;
 import org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy;
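Review bot: `offline_access` and `device_sso` are added to `OIDCStandardScope` next to the claim-bearing scopes with no comment, although only `assurance` gets a release-policy branch in `DefaultAttrReleaseMapper` in this commit. In OpenID Connect `offline_access` is the scope that requests a refresh token, so the constant should say that it releases no claims and changes token lifetime, e.g. `/** Requests a refresh token; releases no claims. */`, with a similar line on `device_sso`. Any code outside this diff that iterates `OIDCStandardScope.values()` to build a client app's default scopes would now include these three values; that is not visible here and should be checked.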
@@ -252,6 +253,14 @@ public RegisteredServiceAttributeReleasePolicy build(
 OIDCStandardScope.phone,
 internal,
 external.toString());
+ } else if (OidcAssuranceScopeAttributeReleasePolicy.ALLOWED_CLAIMS.contains(external.toString())) {
+ buildForOIDCStandardScope(
+ clientApp,
+ policies,
+ OidcAssuranceScopeAttributeReleasePolicy::new,
+ OIDCStandardScope.assurance,
+ internal,
+ external.toString());
 } else {
 oidcOpEntity.getCustomScopes().entrySet().stream().
 filter(entry -> clientApp.getScopes().contains(entry.getKey())
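Review bot: The new `else if` on `OidcAssuranceScopeAttributeReleasePolicy.ALLOWED_CLAIMS` is evaluated before the final `else` that handles custom scopes, so a release attribute whose external name is in that set, and which a deployment already maps through a custom scope, is now routed to the assurance policy instead. Whether such a claim is still released when the client app lacks the `assurance` scope depends on `buildForOIDCStandardScope`, which is outside this hunk; if it skips the policy in that case, an existing custom-scope release would silently stop. I would state the precedence above the branch, e.g. `// standard-scope claim names take precedence over custom scopes that map the same claim`, and add a test for an assurance claim on a client app without the `assurance` scope. The enclosing `build(` method starts and ends outside the hunk.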