Hi PSVID,
Sorry for the late reply. Yes, I did. Basically you need to recreate
the OidcOpMetadataResolver with the updated configuration.
    // Rebuild the resolver once the client's configuration is complete
    // (for Azure, after the tenant id has been set).
    if (client instanceof OidcClient oidcClient) {
        val opMetadataResolver = new OidcOpMetadataResolver(oidcClient.getConfiguration());
        oidcClient.getConfiguration().setOpMetadataResolver(opMetadataResolver);
        if (!opMetadataResolver.isInitialized()) {
            try {
                // Load the OP metadata using the updated configuration.
                opMetadataResolver.reinit();
            } catch (final Exception e) {
                LOGGER.error("The error of [{}] was thrown while loading metadata for [{}]",
                    e.getMessage(), oidcClient.getName(), e);
            }
        }
    }
Regards,
Colin
On Friday, 29 September 2023 at 17:58:52 UTC+10 [email protected] wrote:
> Have you worked around this?
>
> On Wednesday, August 9, 2023 at 6:52:17 PM UTC-5 [email protected] wrote:
>
>> Hi Misagh Moayed,
>>
>> I have directly sent this to you, and apologies if this has already been
>> raised.
>>
>> Your commit of enhancements to oidc delegated authn to better support
>> OPs like keycloak
>> <https://github.com/apereo/cas/commit/be6fdec3556c05d746def349e517c6edd1b3e970>
>> has broken Azure that I know of, but may have broken other OIDC as well.
>>
>> The issue is with the code added in the class
>> BaseDelegatedClientFactory, in particular the changes in the
>> method getOidcConfigurationForClient.
>>
>> The change that has caused the issue is where you add
>> the OidcOpMetadataResolver.
>>
>> In terms of Azure, due to the fact that the tenantId is not added until after
>> getOidcConfigurationForClient has finished running, when the
>> OidcOpMetadataResolver tries to get the metadata the tenantId is null.
>>
>> The discovery URI is not valid, as the discovery URI for Azure is dynamic
>> in nature: all calls go to Microsoft, and the only difference is the tenantId
>> that is injected into the discovery URI.
>>
>> This should take you directly to the BaseDelegatedClientFactory Diff
>> <https://github.com/apereo/cas/commit/be6fdec3556c05d746def349e517c6edd1b3e970#diff-5e05fa8ab312b15b99edb81fdc0b47d09eee40322777d981e6c0744c666c2b73>
>> from the above commit.
>>
>> Due to there being many different ways to fix this issue, for now I have
>> only reported it, as I am unsure how you would want it fixed.
>>
>> Regards,
>> Colin
>>
>
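
The ordering problem and the workaround discussed in this thread, as an added example (not code from CAS, pac4j or either poster). AzureStyleConfig and MetadataResolver are hypothetical stand-ins, and the tenant id is a constructed placeholder; the discovery URI follows Microsoft's per-tenant pattern.

```java
import java.net.URI;

public class TenantDiscoveryOrdering {

    // Hypothetical stand-in for an Azure-style OIDC configuration:
    // the discovery URI is derived from a tenant id that may be set late.
    static class AzureStyleConfig {
        private String tenant;
        void setTenant(String tenant) { this.tenant = tenant; }
        String getDiscoveryURI() {
            return "https://login.microsoftonline.com/" + tenant
                + "/v2.0/.well-known/openid-configuration";
        }
    }

    // Hypothetical stand-in for a resolver that captures the URI at construction.
    static class MetadataResolver {
        private final String tenantAtBuild;
        private final URI discoveryUri;
        MetadataResolver(AzureStyleConfig config) {
            this.tenantAtBuild = config.tenant;
            this.discoveryUri = URI.create(config.getDiscoveryURI());
        }
        // Fail closed instead of fetching metadata from ".../null/v2.0/...".
        URI checkedDiscoveryUri() {
            if (tenantAtBuild == null || tenantAtBuild.isBlank()) {
                throw new IllegalStateException(
                    "resolver built before tenant was set: " + discoveryUri);
            }
            return discoveryUri;
        }
    }

    public static void main(String[] args) {
        AzureStyleConfig config = new AzureStyleConfig();
        MetadataResolver early = new MetadataResolver(config);    // tenant still null
        config.setTenant("00000000-0000-0000-0000-000000000000"); // constructed placeholder
        try {
            early.checkedDiscoveryUri();
        } catch (IllegalStateException e) {
            System.out.println("stale resolver rejected: " + e.getMessage());
        }
        // Recreate the resolver from the completed configuration.
        MetadataResolver rebuilt = new MetadataResolver(config);
        System.out.println("rebuilt resolver uses: " + rebuilt.checkedDiscoveryUri());
    }
}
```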