Good morning all,

We are doing the migration of CAS to its 5.3.9 version.
The step we are attempting to realize is the authentication delegation with 
OIDC.
Always according to the apereo.github documentation, we implement the CAS 
overlay template to reach it.
Nevertheless, we have recently discovered that the Maven dependency related 
to pac4j, cas-server-support-pac4j-webflow, does not rigorously respect the 
OIDC protocol because one class does force the delegatedclientid HTTP 
parameter to be in the URL handled by FranceConnect (implementing OIDC), 
which is explicitly not necessary with OIDC.
The concerning class is the following:
org.apereo.cas.web.DelegatedClientWebflowManager
Which is here:
https://github.com/apereo/cas/blob/master/support/cas-server-support-pac4j-webflow/src/main/java/org/apereo/cas/web/DelegatedClientWebflowManager.java
 
During the delegation process, FranceConnect stops it and specifies some 
information about this parameter:
"The following fields are not supposed to be present : delegatedclientid"
For information, the different existing HTTP parameters in the URL are the 
following:
scope
response_type
redirect_uri
state
nonce
delegatedclientid
client_id

Please, is this parameter very necessary in this class or is there a way to 
disable it?

Boris.
