  1. OpenId Connect
  2. OIDC-162

oidcProvider cookie doesn't select the correct configuration


Details

    • Bug
    • Resolution: Invalid
    • Major
    • None
    • 2.3.0, 2.3.1
    • Configuration
    • None
    • Unknown

    Description

      We have defined multiple OIDC providers with the in-wiki configuration method (/xwiki/bin/edit/XWiki/OIDC/ClientConfigurationTemplate?editor=object). The oidcProvider cookie should select the configuration for each login. OIDCClientConfiguration correctly checks the name but always provides values from the first configuration object, not the one matching the name.

      In this case it should select the configuration "something", redirecting to auth.something.tld. Instead it redirects to auth.other.tld because the configuration with the name "other" comes first in the object list (its object number is lower).

       

      DEBUG .o.a.i.OIDCClientConfiguration - Wiki configuration name is [something]
      DEBUG .o.a.i.OIDCClientConfiguration - The value of configuration property [oidc.skipped] is [false]
      DEBUG .o.a.i.OIDCClientConfiguration -   Converted to [false]
      DEBUG .o.a.i.OIDCClientConfiguration - Session: node01o5kqjxctj9nl1cadtoju6gurn1
      DEBUG .o.a.i.OIDCClientConfiguration - Session: node01o5kqjxctj9nl1cadtoju6gurn1
      DEBUG .o.a.i.OIDCClientConfiguration - Session: node01o5kqjxctj9nl1cadtoju6gurn1
      DEBUG .o.a.i.OIDCClientConfiguration - Wiki configuration name is [something]
      DEBUG .o.a.i.OIDCClientConfiguration - The value of configuration property [oidc.skipped] is [false]
      DEBUG .o.a.i.OIDCClientConfiguration -   Converted to [false]
      DEBUG .o.a.i.OIDCClientConfiguration - Session: node01o5kqjxctj9nl1cadtoju6gurn1
      DEBUG .o.a.i.OIDCClientConfiguration - Session: node01o5kqjxctj9nl1cadtoju6gurn1
      DEBUG .o.a.i.OIDCClientConfiguration - Wiki configuration name is [something]
      DEBUG .o.a.i.OIDCClientConfiguration - The value of configuration property [oidc.endpoint.authorization] is https://auth.other.tld/auth/realms/rpa/protocol/openid-connect/auth
      DEBUG .o.a.i.OIDCClientConfiguration -   Converted to https://auth.other.tld/auth/realms/rpa/protocol/openid-connect/auth

          People

            tmortagne Thomas Mortagne
            buxit till busch