
IAP with Workforce Identity and custom claims

We are trying to secure a GKE service using IAP with Workforce Identity Federation. Everything is working, but it is unclear if I am able to configure it so that additional claims from the IdP are passed into the TokenPayload after validating the `x-goog-iap-jwt-assertion` header. We have done the attribute mapping at the provider. We are attempting to get the authenticated user's `given_name`, `family_name`, and `groups` claims/attributes. Previously, we were using IAP with Identity Platform, and those claims were passed through in the token at `gcip.firebase.sign_in_attributes`.

Does anybody know if this is possible?

 

 
