Roles sent from the IdP in SSO work only when the claim is attached to the UserInfo token, not the ID Token. #1617

@MohammedNoureldin

In the documentation of the SSO, to achieve the role assignment:

your provider must set a warpgate_roles OIDC claim (a JSON array of role names).

So far so good. The problem then comes here:

either in the ID Token or the UserInfo response.

I tested attaching the claim to the ID Token, and it did not work. It only worked when it was attached to the UserInfo token.

This has to be fixed either in the code or in the docs.
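
To check which of the two locations an IdP actually populates, the following added example (not Warpgate code and not from the issue author) decodes an ID token payload and compares it with a UserInfo response. The helper names and sample values are constructed, and the token signature is deliberately not verified because this is for inspection only.

```python
import base64
import json

CLAIM = "warpgate_roles"  # claim name quoted from the documentation above


def decode_jwt_payload(token):
    """Return the payload claims of a compact JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated parts")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def role_claim(claims):
    """Return the role list if the claim is a JSON array of strings, else None."""
    value = claims.get(CLAIM)
    if isinstance(value, list) and all(isinstance(r, str) for r in value):
        return value
    return None


def locate_roles(id_token, userinfo):
    """Report, per location, the roles found there (None if absent or malformed)."""
    return {
        "id_token": role_claim(decode_jwt_payload(id_token)),
        "userinfo": role_claim(userinfo),
    }


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for offline testing."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    # Constructed sample: the claim is present only in the ID token.
    token = make_sample_token({"sub": "alice", CLAIM: ["admins", "db"]})
    print(locate_roles(token, {"sub": "alice"}))
```

Feeding it the real ID token and UserInfo JSON captured from a login shows whether the claim is present in the location being tested, and whether it is a JSON array rather than a single string.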
