Module org.elasticsearch.xcore
Class ClaimSetting
java.lang.Object
org.elasticsearch.xpack.core.security.authc.support.ClaimSetting
JWT-related realms extract user data from JWTs. Some realms can also look up extra user data elsewhere;
OIDC realms can query an OIDC OP User Info endpoint to retrieve extra user data not specified in the JWT.
Each piece of extractable user data is configurable via two settings. This class encapsulates two settings per claim.
- The claim name.
- An optional java pattern (regex) to extract a substring from the claim value.
- In the case of 'sub' and 'name', no regex would be needed.
- In the case of 'email', a regex could be used to extract just the username before the '@'.
- In the case of 'dn', a regex could be used to extract just the 'cn' or 'uid' AVA value in a Distinguished Name.
-
Field Details
-
CLAIMS_PREFIX
- See Also:
-
CLAIM_PATTERNS_PREFIX
- See Also:
-
-
Constructor Details
-
ClaimSetting
-
-
Method Details
-
settings
-
name
-
getClaim
-
getPattern
-