OIDCConsentDataValve
Warning
This valve is usually used with the legacy OIDC authenticators. If that is the case, it is recommended to plan for migrating the authenticator to the new protocol-agnostic authenticator architecture, where this valve is no longer needed because its function is already built in. More information about the legacy authenticators can be found here.
Note
Adds consent data. The call must have been preceded by a successful OpenID Connect authentication.
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| consent_data_rules | Consent data information. Syntax: displayname:value:rule | | Yes | Yes |
| separator | Separator for: displayname:value:rule | : | Yes | No |
Example Configuration
```json
{
  "name": "OIDCConsentDataValve",
  "enabled": "true",
  "config": {
    "consent_data_rules": [
      "Namn:{{item.givenName}}:none",
      "Personnummer:{{item.description}}:last4",
      "Mobil:{{item.mobile}}:first6",
      "Mail:{{item.mail}}:mail"
    ],
    "separator": ":"
  }
}
```
Rules
Supported rules:
- mail: masks an email address (p*******n@phenixidentity.com)
- firstn: masks the first n characters of a string, where n is a number, for example first5
- lastn: masks the last n characters of a string, where n is a number, for example last6
- none: no masking
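The following sketch is an added illustration of the displayname:value:rule syntax, the separator property and the rules listed above. It is not PhenixID's code. The mask character, length-preserving masking, the handling of short mail addresses, rejecting entries with extra separators, and the names `mask`, `parse_entry` and `consent_rows` are all assumptions. It shows why an expanded value that contains the separator calls for a different separator.

```python
import re

MASK = "*"  # assumption: same mask character as the page's mail sample

def mask(value, rule):
    """Apply one of the rules listed above to an already-expanded value."""
    if rule == "none":
        return value
    if rule == "mail":
        local, at, domain = value.partition("@")
        if not at or len(local) < 3:
            # Assumption: too short to reveal anything, so hide the whole local part.
            return MASK * len(local) + at + domain
        return local[0] + MASK * (len(local) - 2) + local[-1] + at + domain
    m = re.fullmatch(r"(first|last)(\d+)", rule)
    if m is None:
        raise ValueError(f"unsupported rule: {rule!r}")
    n = min(int(m.group(2)), len(value))  # never mask more than the value holds
    if m.group(1) == "first":
        return MASK * n + value[n:]
    return value[:len(value) - n] + MASK * n

def parse_entry(entry, separator=":"):
    """Split displayname<sep>value<sep>rule; reject ambiguous entries."""
    parts = entry.split(separator)
    if len(parts) != 3:
        raise ValueError(f"expected 3 fields, got {len(parts)}: {entry!r}")
    return tuple(parts)

def consent_rows(entries, separator=":"):
    """Return (display name, masked value) pairs for a list of expanded rules."""
    rows = []
    for entry in entries:
        display, value, rule = parse_entry(entry, separator)
        rows.append((display, mask(value, rule)))
    return rows

# Constructed sample: the page's example rules after property expansion.
EXPANDED = [
    "Namn:Anna:none",
    "Personnummer:199001011234:last4",
    "Mobil:+46701234567:first6",
    "Mail:patterson@example.com:mail",
]

if __name__ == "__main__":
    for name, shown in consent_rows(EXPANDED):
        print(f"{name}: {shown}")
```
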
Requirements
- A session must be present in the flow, loaded by a prior execution.