ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Adding SESSIONSPEC to OIDC claim


Article ID: 208070


Updated On:





We're running a Policy Server and we'd like to know how to add the
SESSIONSPEC to the OIDC claims of given user. 

How can we achieve this ?



At first glance, SESSIONSPEC is not a User's attribute. 

As per documentation, Claims are based on User's attributes and can be
filled only with SiteMinder generated attributes SM_USERGROUPS or

  Configure SiteMinder as OpenID Connect Provider

    6. Complete the following fields in the Authentication and
       Authorization section:

       User Directories

       Specify the list of user directories that SiteMinder uses for
       authorizing and retrieving claims information.


    8. Complete the following fields in the Mappings section:

  Define mapping of claims with a user directory in Claims
  Mapping. Enter a claim name and the corresponding user attribute in
  a defined user directory, and click Add Row. You can add multiple
  claims with same name but for different column names. The user
  directory attribute can be a user attribute, virtual mapped
  attribute, or SiteMinder generated attributes SM_USERGROUPS or

You may be able to insert other value as Claims by developping a
Custom Plug-in. That might help you to implement to set a specific
Claim :

  Generate Custom Claims

    You can customize the claims if Relying Party requires claims in a
    specific format or if different Client applications require multiple
    claims in different formats. To customize, implement a plug-in class
    that adheres to the OIDC IClaimsPlugin interface that is available in
    SiteMinder Java SDK. The plug-in lets you customize claims and return
    the customized claims in ID Token or UserInfo response.