In Authorization request I need claims for Approve access screen.
Dne pátek 26. června 2020 15:50:55 UTC+2 ste napsal(a):
>
> Ok maybe you need it in response, but not when you request Authorization.
>
> Le ven. 26 juin 2020 à 15:20, Jakub Fridrich > a écrit :
>
>> Yes, for userinfo endpoint I
Ok maybe you need it in response, but not when you request Authorization.
Le ven. 26 juin 2020 à 15:20, Jakub Fridrich <
jakub.fridr...@klikpojisteni.cz> a écrit :
> Yes, for userinfo endpoint I think */cas/oidc/profile*.
>
> For claims, I need this params, generated with XWiki. The above claim
Yes, for userinfo endpoint I think */cas/oidc/profile*.
For claims, I need this params, generated with XWiki. The above claim it I
testing.
*=*{"id_token":{"xwiki_instance_id":null},"userinfo":{
"xwiki_user_accessibility":null,"xwiki_user_displayHiddenDocuments":null,
Ok all look good.
So what is that :
*=*
*{"userinfo":{"sub":null,"iss":null,"openid":null,"profile":null,"name":null,"email":null,"first_name":null,"last_name":null}}*
you don't need it in /cas/oidc/authorize
And when you talk about "In *userinfo* endpoint I getting now" what is your
user info
Hi,
.well-known return this JSON (in attachment)
Dne pátek 26. června 2020 13:50:17 UTC+2 ste napsal(a):
>
> Hi, You see it here : /cas/oidc/.well-known ?
>
> Le ven. 26 juin 2020 à 09:07, Jakub Fridrich > a écrit :
>
>> Thanks, but attributes not showing still..
>>
>> My service now looks
Hi, You see it here : /cas/oidc/.well-known ?
Le ven. 26 juin 2020 à 09:07, Jakub Fridrich <
jakub.fridr...@klikpojisteni.cz> a écrit :
> Thanks, but attributes not showing still..
>
> My service now looks like:
> {
> "@class" : "org.apereo.cas.services.OidcRegisteredService",
> "clientId":
I don't know the purpose of your claim parameter but here's the kind of url
generated by our oidc client:
https://xxx/cas/oidc/authorize?client_id=
_uri=https%3A%2F%2Fyyy%2Fsilent-renew-oidc.html
_type=id_token%20token
=openid%20profile%20email
=vvv
=www
=none
Le vendredi 26 juin
Thanks, but attributes not showing still..
My service now looks like:
{
"@class" : "org.apereo.cas.services.OidcRegisteredService",
"clientId": "",
"clientSecret": "XX-X",
"serviceId": "^https://xwikl.XXX*;,
"name": "",
"id": 20,
"scopes" : [
you should remove the attributeReleasePolicy and replace it with
"scopes" : [ "java.util.HashSet",
[ "openid", "profile", "email", "address" ]
]
Le jeu. 25 juin 2020 à 15:59, Jakub Fridrich <
jakub.fridr...@klikpojisteni.cz> a écrit :
> I tried adding to Release policy (to service),
I tried adding to Release policy (to service), but sub is not showing
still.
"attributeReleasePolicy" : {
"@class" :
"org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "sub", "first_name",
"last_name", "email" ] ]
}
I think you have to list the scopes available in the service definition
like described here:
https://apereo.github.io/cas/development/installation/OIDC-Authentication.html#scope-based-claims
Le jeudi 25 juin 2020 à 13:04:33 UTC+2, Jakub Fridrich a écrit :
> info: CAS 6.2.0-RC5 builded from
11 matches
Mail list logo