Service Provider Claims Automatically Translated in OpenID Connect
When creating an OpenID Connect Service Provider claim definition some of the long URL claim names will automatically get translated into the short claim name in the OpenID Connect ID Token. This translation is being done by the Microsoft API used to get ID tokens. This is not controlled by Optimal. Please see the table below for the list of claims that this affects.
Note that the OpenID Connect User Profile will not be automatically mapped and will use the original claim name in the Service Provider claim definition.
| Full Claim Name | Short Claim Name |
|---|---|
| http://schemas.xmlsoap.org/ws/2009/09/identity/claims/actor | actort |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth | birthdate |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | family_name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender | gender |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | given_name |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | nameid |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier | sub |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/webpage | website |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | unique_name |
| http://schemas.microsoft.com/identity/claims/objectidentifier | oid |
| http://schemas.microsoft.com/identity/claims/scope | scp |
| http://schemas.microsoft.com/identity/claims/tenantid | tid |
| http://schemas.microsoft.com/claims/authnclassreference | acr |
| http://schemas.xmlsoap.org/claims/EmailAddress | adfs1email |
| http://schemas.xmlsoap.org/claims/UPN | adfs1upn |
| http://schemas.microsoft.com/claims/authnmethodsreferences | amr |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant | auth_time |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod | authmethod |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/applicationpolicy | certapppolicy |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/authoritykeyidentifier | certauthoritykeyidentifier |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/basicconstraints | certbasicconstraints |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/eku | certeku |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/issuer | certissuer |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/issuername | certissuername |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/keyusage | certkeyusage |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/notafter | certnotafter |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/notbefore | certnotbefore |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatepolicy | certpolicy |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/rsa | certpublickey |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/rawdata | certrawdata |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/serialnumber | certserialnumber |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/signaturealgorithm | certsignaturealgorithm |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/subject | certsubject |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/san | certsubjectaltname |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/subjectkeyidentifier | certsubjectkeyidentifier |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/subjectname | certsubjectname |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplateinformation | certtemplateinformation |
| http://schemas.microsoft.com/2012/12/certificatecontext/extension/certificatetemplatename | certtemplatename |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint | certthumbprint |
| http://schemas.microsoft.com/2012/12/certificatecontext/field/x509version | certx509version |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-application | clientapplication |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-ip | clientip |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent | clientuseragent |
| http://schemas.xmlsoap.org/claims/CommonName | commonname |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid | denyonlyprimarygroupsid |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid | denyonlyprimarysid |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid | denyonlysid |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/displayname | devicedispname |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier | deviceid |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/ismanaged | deviceismanaged |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/ostype | deviceostype |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/osversion | deviceosver |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/userowner | deviceowner |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/registrationid | deviceregid |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path | endpointpath |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-forwarded-client-ip | forwardedclientip |
| http://schemas.xmlsoap.org/claims/Group | group |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid | groupsid |
| http://schemas.microsoft.com/identity/claims/identityprovider | idp |
| http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork | insidecorporatenetwork |
| http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser | isregistereduser |
| ClaimTypes.PPID | ppid |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid | primarygroupsid |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid | primarysid |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-proxy | proxy |
| http://schemas.microsoft.com/ws/2012/01/passwordchangeurl | pwdchgurl |
| http://schemas.microsoft.com/ws/2012/01/passwordexpirationdays | pwdexpdays |
| http://schemas.microsoft.com/ws/2012/01/passwordexpirationtime | pwdexptime |
| http://schemas.microsoft.com/2012/01/requestcontext/claims/relyingpartytrustid | relyingpartytrustid |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/role | role |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/role | roles |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn | upn |
| http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname | winaccountname |