On Friday, April 5, 2019, Sathya Bandara wrote:
> Hi Farasath,
>
> For federated users, we are setting the SP's tenant domain as user tenant
> domain. However userstore domain will be null. Therefore we can pass only
> the tenant domain in the realm. WDYT?
>
Ok that seems fine.
How are we planni
Hi Farasath,
For federated users, we are setting the SP's tenant domain as user tenant
domain. However userstore domain will be null. Therefore we can pass only
the tenant domain in the realm. WDYT?
On Fri, Apr 5, 2019 at 9:36 AM Farasath Ahamed wrote:
> Hi Devs,
>
> Also what about the value o
Hi Devs,
Also what about the value of "*realm*" claim when the user is a federated
one?
Regards,
Farasath
On Fri, Apr 5, 2019 at 9:32 AM Hasini Witharana wrote:
> Hi Ruwan/Sathya,
>
> There are some standard claims defined in the OIDC specification[1], none
> of them can be used instead of "r
Hi Ruwan/Sathya,
There are some standard claims defined in the OIDC specification[1], none
of them can be used instead of "realm", "tenant_domain".
However, the spec also says that it is okay to add any other claims to
id_token[2].
[1] - https://openid.net/specs/openid-connect-core-1_0.html#Stand
Hi Sathya,
I do not see any issue adding the info-set to the id-token, as conceptually
it carries more information about the user's identity.
Did we check if there are any standard claims in the id token we could use,
instead of "realm", "tenant_domain", etc.?
Cheers,
Ruwan A
On Thu, Apr 4, 2019 at 11:43
Hi all,
In the OIDC logout flow, we send the ID token as a user identification method,
similar to the following request.
https://localhost:9443/oidc/logout?id_token_hint=
&post_logout_redirect_uri=
http://localhost:8080/playground2/oauth2client&state=1
When validating the ID token, we are trying to get t