Update IDP registration selection process

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 8.0.0-rc0, 7.0.9, 7.3.2
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security
    • Fully Compatible
    • v7.3, v7.0
    • Security 2024-03-04, Security 2024-03-18
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Since IDPConfiguration issuers are no longer guaranteed to be unique, selecting the correct IDPConfiguration registration that should apply to an OIDC authentication attempt is no longer as simple as matching the IDPConfiguration's issuer to the token's issuer claim. The server must now also match the IDPConfiguration's audience to the token's audience claim.

              Assignee:
              Erwin Pe
              Reporter:
              Erwin Pe
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: