...

  1. translate5 first tries to find an existing translate5 user by the issuer (the issuing authority, `iss`) and the subject (`sub`) of the OpenID identity in the user claims. If a user with those values exists, that user is used and updated with any new rights and user attributes (name, e-mail, etc.) coming from the IdP.
  2. If no user is found that way, translate5 tries to find a valid e-mail address in the information the OpenID Connect IdP provides about the connecting user:
    1. First it looks in the email field requested from the userinfo_endpoint (if configured)
    2. If not found there, translate5 tries the 'upn' claim.
    3. If not found there, translate5 tries the preferred_username claim
    4. If it is not found there either, translate5 throws an exception
  3. If a user exists whose login name is the e-mail address coming from the OpenID Connect IdP, but with different OpenID issuer and sub values, translate5 creates a new user with "OID-" as login prefix and the same e-mail address. The two accounts are never merged, so an identity from a second IdP cannot take over the existing one.
  4. If a user exists whose login name is that e-mail address but with no OpenID issuer and sub values (i.e. a manually created user), translate5 updates this user with the information coming from the OpenID Connect IdP and binds it to that OpenID identity. Because this binding happens on the e-mail address alone, the e-mail address the IdP reports must be trustworthy.
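The following is an added example that models the four matching steps above in runnable form; it is not translate5's own code. The `User` record, the in-memory user list, the set of attributes copied from the token (`name`, `roles`) and the "create a fresh account when no login matches" fallback are assumptions made for the demonstration, not behaviour the page describes.

```python
# Illustrative model of the OpenID Connect user-matching rules. Added example,
# not translate5's own code: the User record, the in-memory user list and the
# "create a fresh account when nothing matches" fallback are assumptions.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class User:
    login: str
    email: str
    name: str = ""
    roles: List[str] = field(default_factory=list)
    issuer: Optional[str] = None   # OpenID 'iss' the account is bound to
    subject: Optional[str] = None  # OpenID 'sub' the account is bound to


class OpenIdUserError(Exception):
    """Raised when the IdP data carries no usable e-mail address (step 2.4)."""


def email_from_idp(claims: dict, userinfo: Optional[dict]) -> Optional[str]:
    """Step 2: userinfo 'email' first, then the 'upn' claim, then 'preferred_username'."""
    if userinfo and userinfo.get("email"):
        return userinfo["email"]
    for claim in ("upn", "preferred_username"):
        if claims.get(claim):
            return claims[claim]
    return None


def apply_claims(user: User, claims: dict, email: Optional[str]) -> User:
    """Copy rights and attributes from the token onto the account (assumed field set)."""
    if email:
        user.email = email
    user.name = claims.get("name", user.name)
    user.roles = list(claims.get("roles", user.roles))
    user.issuer = claims["iss"]
    user.subject = claims["sub"]
    return user


def resolve_user(users: List[User], claims: dict, userinfo: Optional[dict] = None) -> User:
    """Return the translate5 account to log in for this set of ID-token claims."""
    # Step 1: the (iss, sub) pair is the stable identity; match on it before anything else.
    for user in users:
        if user.issuer == claims["iss"] and user.subject == claims["sub"]:
            return apply_claims(user, claims, email_from_idp(claims, userinfo))

    # Step 2: no bound account, so an e-mail address is mandatory from here on.
    email = email_from_idp(claims, userinfo)
    if email is None:
        raise OpenIdUserError("no e-mail in userinfo, 'upn' or 'preferred_username'")

    existing = next((u for u in users if u.login == email), None)
    if existing is None:
        # Not covered by the steps on the page; assumed here: create a fresh account.
        created = User(login=email, email=email)
        users.append(created)
        return apply_claims(created, claims, email)

    if existing.issuer is None and existing.subject is None:
        # Step 4: manually created account, bind it to this OpenID identity.
        return apply_claims(existing, claims, email)

    # Step 3: same e-mail but a different (iss, sub): never merge into the
    # existing account, create a separate "OID-" prefixed one instead.
    created = User(login="OID-" + email, email=email)
    users.append(created)
    return apply_claims(created, claims, email)
```

The order matters: the `(iss, sub)` lookup runs before any e-mail lookup, so once an account is bound, a changed e-mail at the IdP does not create a second account, and an identity from another issuer that happens to carry the same e-mail ends up in its own `OID-` account rather than in the bound one.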


Create translate5 customer via custom claims

The `runtimeOptions.customers.openid.claimsFieldName` option lets you configure the name of the attribute in the OpenID token claims that carries the customer number. translate5 handles the values of this option as follows:

  • no value: the currently authenticated user is always assigned to the default customer
  • defined value: translate5 checks whether the OpenID token claims contain an attribute with this name. If there is a value, translate5 tries to find a customer whose number equals that value. If such a customer exists, it is used for the current user. If no customer is found, a new customer is created with both number and name set to the value from the claims.
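The following is an added example that models the customer lookup above; it is not translate5's own code. The `Customer` record, the in-memory customer list, the default customer, the claim name `customerNumber` and the fallback to the default customer when the configured claim is absent from a token are all assumptions.

```python
# Illustrative model of runtimeOptions.customers.openid.claimsFieldName handling.
# Added example, not translate5's own code: Customer, the in-memory customer
# list and the default customer are assumptions, as is treating a configured
# but missing/empty claim like "no value".
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Customer:
    number: str
    name: str


DEFAULT_CUSTOMER = Customer(number="default", name="defaultcustomer")  # assumed default


def resolve_customer(customers: List[Customer], claims: dict,
                     claims_field_name: Optional[str]) -> Customer:
    """Pick the customer for the current user from the ID-token claims."""
    # Option not set: always the default customer.
    if not claims_field_name:
        return DEFAULT_CUSTOMER

    value = claims.get(claims_field_name)
    if value is None or str(value).strip() == "":
        # Configured attribute absent from this token: default customer (assumption).
        return DEFAULT_CUSTOMER

    number = str(value).strip()
    for customer in customers:
        if customer.number == number:
            return customer

    # Unknown number: a new customer is created with number and name set to
    # the claim value. Any value the IdP emits in this attribute therefore
    # creates a customer, so the attribute must be controlled on the IdP side.
    created = Customer(number=number, name=number)
    customers.append(created)
    return created
```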