openid-connect

Can Chrome Extensions steal OAuth tokens from redirect-uri?

蹲街弑〆低调 submitted on 2021-01-29 09:48:03
Question: I'm working on auth between a Chrome Extension, Google Cloud Platform, and trying to send the id_token JWT to an AWS server to retrieve user data (and/or establish a session?). My question is this -- how can I prevent Chrome extensions with tabs permissions from reading the GET request or the redirected URI which has the fully-validated user JWT? The JWT confirms that a user is who they are, but how do I know my Chrome Extension is the one making the request to my backend? I have a few ideas:

azure AD, How to add user claims for OIDC /userinfo request

自闭症网瘾萝莉.ら submitted on 2021-01-29 09:07:29
Question: I'm implementing a new "registered" application in Azure AD for which I need to get the user's sAMAccountName value as a preferred claim during the user authentication process. The apps can work with OIDC requests, so I'm trying to find a way to add a new claim in the user's profile (GET https://graph.microsoft.com/oidc/userinfo ) containing the sAMAccountName attribute "extension_cda8b3eafdfb4aa0b27ca9860634fd74_sAMAccountName" synchronized from local Active Directory. Unfortunately, after many

Skipping the Home Realm Discovery Page for ADFS authentication

半城伤御伤魂 submitted on 2021-01-29 08:33:05
Question: I am using ASP.NET MVC OpenID Connect to authenticate users with ADFS. Whenever I hit the application URL it redirects to the ADFS Home Realm Discovery page, where we see multiple IdPs (Client Accounts) to sign in. How could we bypass this page and go directly to the respective IdP's login page depending on the subdomain in the URL? For example, if I have a couple of clients (tenants) 1. Cloud Network Pvt Ltd 2. Cloud ddns and I could see a couple of on-premise ADs. If the user hits "cloudddns.myapp.com" then it should

How to configure Keycloak to work with Guacamole's OpenID plugin?

天涯浪子 submitted on 2021-01-29 07:30:59
Question: I'm trying to set up Apache Guacamole with Keycloak as the OpenID Connect Authorization Server. Guacamole is redirecting me to Keycloak, I can log in with the user I created on Keycloak and I get redirected back to Guacamole, but there it says that my token is invalid: 08:08:11.477 [http-nio-4432-exec-7] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key

How to add a roles claim in the access_token? Currently it is coming in the id_token

若如初见. submitted on 2021-01-29 07:22:12
Question: I am following the Authorization Code flow with PKCE and my identity provider is Azure Active Directory. I have created an App, "client-app", from App Registrations. In the manifest I have added appRoles like the following. "appRoles": [ { "allowedMemberTypes": [ "User" ], "displayName": "StoreGroupManager", "id": "47fbb575-859a-4941-89c9-0f7a6c30beac", "isEnabled": true, "description": "Consumer apps have access to the consumer data.", "value": "StoreGroupManager" } ] I am assigning this role

How can I set my IdentityServer4 BackChannelHandler from within an xUnit integration test using WebApplicationFactory?

烈酒焚心 submitted on 2021-01-29 06:12:16
Question: Update: After correcting the certificate issue, I'm now getting a 500 response from the test, with this message: InvalidOperationException: IDX20803: Unable to obtain configuration from: 'http://localhost/.well-known/openid-configuration'. That appears to be similar to this issue: https://github.com/IdentityServer/IdentityServer4/issues/685; however, I can't come up with a way to set the backchannel client or handler from my test -- it seems like a chicken-and-egg situation. This issue was

Different idle times for clients - Keycloak

…衆ロ難τιáo~ submitted on 2021-01-29 05:06:07
Question: I'm using Keycloak as an auth service for my applications. We have two applications that will use the same realm for login, but we would like to have a different SSO Session Idle time for each application. Example: Application A - we would like to allow idle time up to 30 minutes. Application B - we would like to allow idle time up to 45 minutes. However, the setting that controls the idle time is set in the Realm settings, and not in the client settings, which makes it hard for us to solve the

OpenIdConnect Correlation Cookie not found when a user clicks a link from an Office application

拜拜、爱过 submitted on 2021-01-27 12:09:05
Question: I have an app that is authenticating with Azure Active Directory using OpenIdConnect. Everything is working fine except when I link to my site from an Office application (Excel/Word). From these applications I get an "Exception: Correlation failed.". From my research it seems that Office is first doing the 302 redirect and then opening that page, not the original link. See: https://github.com/aspnet/Security/issues/1252 After a recommendation for how to handle this scenario. I don't want

OpenIdConnect Correlation Cookie not found when a user clicks a link from an Office application

落花浮王杯 submitted on 2021-01-27 12:02:16
Question: I have an app that is authenticating with Azure Active Directory using OpenIdConnect. Everything is working fine except when I link to my site from an Office application (Excel/Word). From these applications I get an "Exception: Correlation failed.". From my research it seems that Office is first doing the 302 redirect and then opening that page, not the original link. See: https://github.com/aspnet/Security/issues/1252 After a recommendation for how to handle this scenario. I don't want

Kubernetes OIDC: No valid group mapping

佐手、 submitted on 2021-01-01 09:36:47
Question: I have the problem that I can log on to my dashboard via OIDC, but then the OIDC group information is not mapped correctly and I cannot access the corresponding resources. Basic setup: K8s version: 1.19.0; K8s setup: 1 master + 2 worker nodes based on Debian 10 VMs; CNI: Calico; Louketo Proxy as OIDC proxy; OIDC: Keycloak Server (Keycloak X [Quarkus]). Configurations: I have configured the K8s apiserver with these parameters. kube-apiserver.yaml - --oidc-issuer-url=https://test.test.com/auth/realms