pmt
Contributor

OIDC remapping of sub for virtual proxy

So we're setting up a virtual proxy that authenticates with OIDC. This seems to work fine until I try to remap sub to another claim that is provided by our idp.

We don't want to use the default sub being sent with the OIDC token as the userID, but instead a claim called "internalID". But whenever I set internalID in the sub field while editing the virtual proxy, the login fails, and the proxy logs say the following:

"780 20240205T162909.792+0100 WARN SERVERNAME Audit.Proxy.Proxy.SessionEstablishment.Authentication.OIDC.OidcAuthenticationHandler 82 xxxxxxxxxx SVCUSER Proxy.SessionEstablishment.Authentication.OIDC.OidcAttributeParserException: Missing claimType:OidcAttributeSub
   at Proxy.SessionEstablishment.Authentication.OIDC.OidcAttributeParser.ParseClaim(JwtPayload jwtPayload, String claimsAttrib, String claimTypeName, Boolean isMandatory)
   at Proxy.SessionEstablishment.Authentication.OIDC.OidcAuthenticationHandler.AddSubClaimToUserSessionAttribute(IList`1 userAttributes, JwtPayload jwtPayload, String claimType, String claimTypeName, Boolean isMandatory)
   at Proxy.SessionEstablishment.Authentication.OIDC.OidcAuthenticationHandler.AddClaimsToUserSessionAttribute(IList`1 userAttributes, JwtPayload jwtPayload, IConnectionData connData, VirtualProxyConfig vpConfig)
   at Proxy.SessionEstablishment.Authentication.OIDC.OidcAuthenticationHandler.<GetAuthenticatedUser>d__11.MoveNext() 0 xxxxxx "

It seems it cannot actually map the claim to sub. I've verified that the claim is being sent (via other tools), but this is the full extent of the debug log for the proxy that I can see on the QlikSense side.

1 Reply
Yakub_Banoth
Contributor

Hi

We are facing the same issue in our Qlik environment. How did you verify which claims are being sent, and what tool did you use to verify?

 

Regards,

Yakub Banoth
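
One way to check which claims a token carries, as an added example that is not part of either post and is not Qlik code: the stack trace above shows the proxy looking the claim up in a `JwtPayload`, so this decodes the payload of a compact JWT and reports whether the claim configured in the sub field is present as a non-empty string. It assumes you paste in a copy of the ID token captured from your own login flow; the sample tokens, issuer and values below are constructed, and the signature is not verified (diagnostic use only).

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT WITHOUT verifying the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature (compact JWS)")
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload

def check_claim(token: str, claim: str) -> str:
    """Report whether `claim` is present and usable as a user identifier."""
    claims = jwt_payload(token)
    if claim not in claims:
        # JSON member names are case-sensitive, so flag near misses as a hint.
        near = [k for k in claims if k.lower() == claim.lower()]
        hint = f"; differs only by case: {near}" if near else ""
        return f"missing: '{claim}' not in payload{hint}; present: {sorted(claims)}"
    value = claims[claim]
    if not isinstance(value, str) or not value:
        return f"unusable: '{claim}' is {type(value).__name__}, not a non-empty string"
    return f"present: {claim}={value!r}"

def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token so the example runs offline.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

ID_TOKEN = make_sample_token({"iss": "https://idp.example", "sub": "abc123", "internalID": "E1001"})
NO_CLAIM = make_sample_token({"iss": "https://idp.example", "sub": "abc123"})

if __name__ == "__main__":
    for label, tok in (("with claim", ID_TOKEN), ("without claim", NO_CLAIM)):
        print(label, "->", check_claim(tok, "internalID"))
```

A "missing" result on the ID token, when another tool shows the claim, means that tool was looking at a different artifact than the JWT payload checked here.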