Replicating the issue with another OIDC OP (simplesamlphp module-oidc), it appears to hinge on an expectation of a 'thick' JWT token being returned from the OP, whereas some OPs (simplesamlphp, but also SRAM, which IIRC uses SATOSA) strictly interpret OpenID Connect Core section 5.4, so that in the Authorization Code flow the returned JWT token is 'thin' and the RP must collect the claims (based on the requested scopes) from the userinfo endpoint, rather than expecting them to be in the returned ID Token. And since the auth-oidc plugin uses the response_type=code ...
(see https://github.com/vatesfr/xen-orchestra/pull/9648#issuecomment-4161156812 for more details).
Modifying an OP to always add claims to the IDToken, i.e. disregarding section 5.4 of the OIDC core spec, makes the issue above go away ...
Latest posts made by dlgroep
- RE: OIDC login - Internal Server Error
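The claim-resolution logic the post describes, written out as an added example by the editor; it is not code from the xen-orchestra auth-oidc plugin, from simplesamlphp, or from dlgroep. It assumes the RP has already verified the ID Token's signature, iss, aud, exp and nonce, that `fetchUserinfo` is a hypothetical caller-supplied function that performs the GET to the OP's userinfo endpoint with the access token as a Bearer credential, and that the thin ID Token payload and userinfo document below are constructed sample data, not captured from any real OP.

```javascript
'use strict';

// Added example, not code from xen-orchestra's auth-oidc plugin.
// Resolves end-user claims for an Authorization Code flow login when the OP
// returns a "thin" ID Token and, following OIDC Core 5.4, only delivers the
// scope-based claims from the userinfo endpoint.
//
// Assumptions (not from the original post): the ID Token has already been
// signature- and iss/aud/exp/nonce-verified by the caller; `fetchUserinfo` is
// a hypothetical caller-supplied async function doing GET <userinfo_endpoint>
// with the access token as a Bearer credential and returning the parsed JSON.

// Claims each standard scope requests (OIDC Core 5.4). `openid` itself adds none.
const SCOPE_CLAIMS = {
  profile: ['name', 'family_name', 'given_name', 'middle_name', 'nickname',
    'preferred_username', 'profile', 'picture', 'website', 'gender',
    'birthdate', 'zoneinfo', 'locale', 'updated_at'],
  email: ['email', 'email_verified'],
  address: ['address'],
  phone: ['phone_number', 'phone_number_verified'],
};

// Claims the RP may expect for a space-separated scope string.
function claimsForScopes(scope) {
  const out = new Set();
  for (const s of scope.split(/\s+/).filter(Boolean)) {
    for (const c of SCOPE_CLAIMS[s] || []) out.add(c);
  }
  return out;
}

// Requested claims that the (thin) ID Token did not carry.
function missingClaims(idTokenClaims, scope) {
  return [...claimsForScopes(scope)].filter((c) => !(c in idTokenClaims));
}

// Merge a userinfo response into the ID Token claims. OIDC Core 5.3.2: the
// userinfo `sub` MUST equal the ID Token `sub`; otherwise the response must
// not be used. Where both carry a claim, the ID Token value wins, since it is
// bound to the signed token the RP already validated.
function mergeUserinfo(idTokenClaims, userinfo) {
  if (typeof userinfo !== 'object' || userinfo === null) {
    throw new Error('userinfo: response is not a JSON object');
  }
  if (typeof userinfo.sub !== 'string' || userinfo.sub !== idTokenClaims.sub) {
    throw new Error('userinfo: sub mismatch, discarding response');
  }
  return { ...userinfo, ...idTokenClaims };
}

// Full resolution: skip the userinfo round trip when the ID Token is "thick"
// and already carries everything the requested scopes imply.
async function resolveClaims(idTokenClaims, scope, accessToken, fetchUserinfo) {
  if (missingClaims(idTokenClaims, scope).length === 0) return idTokenClaims;
  const userinfo = await fetchUserinfo(accessToken);
  return mergeUserinfo(idTokenClaims, userinfo);
}

// Pick the claim the RP keys its accounts on, failing with a clear message
// rather than an opaque server error when it is absent from both sources.
function requireClaim(claims, name) {
  if (typeof claims[name] !== 'string' || claims[name] === '') {
    throw new Error(`claim "${name}" missing from ID Token and userinfo`);
  }
  return claims[name];
}

// Constructed sample data: a thin ID Token payload as a strict OP returns it
// for response_type=code, and the userinfo document for the same subject.
const THIN_ID_TOKEN = {
  iss: 'https://op.example.org', sub: 'u-42', aud: 'xo',
  exp: 1700000000, iat: 1699999400, nonce: 'n-1',
};
const USERINFO = {
  sub: 'u-42', email: 'alice@example.org', email_verified: true,
  name: 'Alice', preferred_username: 'alice',
};

// Stand-in for the hypothetical userinfo call; rejects an unknown access token.
const demoFetchUserinfo = async (accessToken) => {
  if (accessToken !== 'at-demo') throw new Error('userinfo: bad access token');
  return USERINFO;
};

resolveClaims(THIN_ID_TOKEN, 'openid profile email', 'at-demo', demoFetchUserinfo)
  .then((claims) => console.log('login as', requireClaim(claims, 'preferred_username'), claims));
```

With a thick ID Token (one that already carries the scope claims), `missingClaims` is empty and the userinfo endpoint is never contacted, so the same code path serves both kinds of OP. The `sub` comparison is the check that matters when merging: without it, an OP or an intermediary could hand back a userinfo document for a different subject and the RP would attach someone else's e-mail or username to the authenticated session.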