Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-06 Thread Farasath Ahamed
On Friday, April 5, 2019, Sathya Bandara wrote:

> Hi Farasath,
>
> For federated users, we are setting the SP's tenant domain as user tenant
> domain. However userstore domain will be null. Therefore we can pass only
> the tenant domain in the realm. WDYT?

Ok that seems fine. How are we planni

Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-05 Thread Sathya Bandara
Hi Farasath,

For federated users, we are setting the SP's tenant domain as user tenant domain. However userstore domain will be null. Therefore we can pass only the tenant domain in the realm. WDYT?

On Fri, Apr 5, 2019 at 9:36 AM Farasath Ahamed wrote:

> Hi Devs,
>
> Also what about the value o

Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Farasath Ahamed
Hi Devs,

Also what about the value of "*realm*" claim when the user is a federated one?

Regards,
Farasath

On Fri, Apr 5, 2019 at 9:32 AM Hasini Witharana wrote:

> Hi Ruwan/Sathya,
>
> There are some standard claims defined in the OIDC specification[1], none
> of them can be used instead of "r

Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Hasini Witharana
Hi Ruwan/Sathya,

There are some standard claims defined in the OIDC specification[1], none of them can be used instead of "realm", "tenant_domain". However, the spec also says that it is okay to add any other claims to id_token[2].

[1] - https://openid.net/specs/openid-connect-core-1_0.html#Stand

Re: [Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Ruwan Abeykoon
Hi Sathya,

I do not see any issue adding the info-set to the id-token, as conceptually it carries more information about the user's identity. Did we check if there are any standard claims in id token we could use, instead of "realm", "tenant_domain", etc.

Cheers,
Ruwan A

On Thu, Apr 4, 2019 at 11:43

[Dev] Tenant OIDC logout fails with 'ID token signature validation failed.' error

2019-04-04 Thread Sathya Bandara
Hi all,

In OIDC logout flow, we send the ID token as a user identification method similar to the following request.

https://localhost:9443/oidc/logout?id_token_hint= &post_logout_redirect_uri= http://localhost:8080/playground2/oauth2client&state=1

When validating the ID token, we are trying to get t