Re: [cas-user] Re: OpenID Connect CAS module does not display required attributes (as iss, sub, aud, exp) if claims are set.

Fri, 26 Jun 2020 04:50:34 -0700 

Hi, You see it here : /cas/oidc/.well-known ?

Le ven. 26 juin 2020 à 09:07, Jakub Fridrich <
jakub.fridr...@klikpojisteni.cz> a écrit :

> Thanks, but attributes not showing still..
>
> My service now looks like:
> {
>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>   "clientId": "XXXX",
>   "clientSecret": "XXXXXX-XXXXX",
>   "serviceId": "^https://xwikl.XXXXXXX*";,
>   "name": "XXXX",
>   "id": 20,
>
>   "scopes" : [ "java.util.HashSet",
>     [ "openid", "profile", "email", "address" ]
>   ]
> }
>
>
> Requested url for Authorize endpoint (URL decoded):
> https://auth.XXXXXX.XX/cas/oidc/authorize
> ?scope=openid%20profile%20email%20address%20phone
>
> *&claims=*
> *{"userinfo":{"sub":null,"iss":null,"openid":null,"profile":null,"name":null,"email":null,"first_name":null,"last_name":null}}*
>
> &response_type=code
> &redirect_uri=https%3A%2F%2Fxwikl.xxxxx%2Fxxx%2Foidc%2Fauthenticator%
> 2Fcallback
> &client_id=XXXXXXX
>
>
> In *userinfo* endpoint I getting now:
> {
>   "email":"xxxx....@somedomain.cz",
>   "first_name":"Somename",
>   "last_name":"Somesuername",
>   "name":"somename.somesurname"
> }
>
> I need  in userinfo endpoint items as sub, iss, aud, etc...
>
> What am I doing wrong?
>
> Thanks
>
>
> Dne čtvrtek 25. června 2020 16:02:30 UTC+2 Stéphane Delcourt napsal(a):
>>
>> you should remove the attributeReleasePolicy and replace it with
>>
>>   "scopes" : [ "java.util.HashSet",
>>     [ "openid", "profile", "email", "address" ]
>>   ]
>>
>>
>> Le jeu. 25 juin 2020 à 15:59, Jakub Fridrich <jakub....@klikpojisteni.cz>
>> a écrit :
>>
>>> I tried adding to Release policy (to service), but sub is not showing
>>> still.
>>> "attributeReleasePolicy" : {
>>>     "@class" :
>>> "org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy",
>>>     "allowedAttributes" : [ "java.util.ArrayList", [ "sub", "first_name"
>>> , "last_name", "email" ] ]
>>>   }
>>>
>>>
>>>
>>> Dne čtvrtek 25. června 2020 13:04:33 UTC+2 Jakub Fridrich napsal(a):
>>>>
>>>> info: CAS 6.2.0-RC5 builded from cas-overlay-template
>>>>
>>>> Problem:
>>>> OpenID Connect in userinfo endpoint does not display required
>>>> attributes (as iss, sub, aud, exp) if claims are set.
>>>>
>>>> Scopes requested by client: openid, profile, email, address, phone
>>>> Claims requested by client: {"userinfo":{ "sub":null, "iss": null,
>>>> "name": null, "email": null, "first_name": null, "last_name": null }} or 
>>>> {"userinfo":{"name":
>>>> null, "email": null, "first_name": null, "last_name": null }}
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Service configuration:
>>>> {
>>>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>>>   "clientId": "XXX",
>>>>   "clientSecret": "XXX",
>>>>   "serviceId": "^https://xwikl.xxxserver.*";,
>>>>   "name": "XTest",
>>>>   "id": 5,
>>>>
>>>>   "attributeReleasePolicy" : {
>>>>    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>>>   }
>>>> }
>>>>
>>>>
>>>> Dears any sugestions how to get in userinfo endpoint required fields
>>>> (iss, sub, aud, exp) ?
>>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4690ebe5-3250-4798-bd0c-9e0925526ebco%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/4690ebe5-3250-4798-bd0c-9e0925526ebco%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ffcc34a1-0bee-48fc-b142-3c2376e0536bo%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ffcc34a1-0bee-48fc-b142-3c2376e0536bo%40apereo.org?utm_medium=email&utm_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAD6KnbzVjeOLqfcLo%3DZ-wBgMDnceiKoHyuL39UADGPCcW4Gakw%40mail.gmail.com.

Reply via email to