Hello all,

I have configured CAS 5.3.6 with the OpenID Connect protocol for
authentication.

Issue 1:
Each scope should map to at least one or more claims. Right now it doesn't
matter which scope is chosen; the same set of claims is always returned. Even
if you provide no claims at all, it still works, but it should result in an
error.

Issue 2:
https://cas.example.org:8443/sso/oidc/.well-known/  =>
"id_token_signing_alg_values_supported":["none","RS256"],

The alg for signing the JWT returns both a valid value and "none". How to
avoid "none"?


cas.properties:
#OIDC
cas.authn.oidc.scopes=openid,profile,email,roles
cas.authn.oidc.claims = sub,email,givenName,isImpersonating, impersonator, firstName, lastName, roles, name
cas.authn.oidc.userDefinedScopes.profile=isImpersonating, impersonator, firstName, lastName, roles
cas.authn.oidc.userDefinedScopes.email=email
cas.authn.oidc.userDefinedScopes.roles=roles
cas.authn.oidc.issuer=http://cas.example.org:8443/cas/oidc
# Map predefined OIDC claims to our principal (user) attributes
cas.authn.oidc.claimsMap.givenName=firstName
cas.authn.oidc.claimsMap.lastName=lastName
cas.authn.oidc.claimsMap.mail=email
cas.authn.oidc.claimsMap.authorites=roles
cas.authn.oidc.claimsMap.name=name

-- 
Thanks & regards,
Devendra
Mobile: +49 1748437888
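
A relying-party-side check for Issue 2, as an added example that is not part of the original post and is not CAS code: it flags "none" in the discovery metadata and refuses ID tokens whose header alg is outside an allowlist. The allowlist, the function names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

ALLOWED_ALGS = {"RS256"}  # assumption: this relying party accepts RS256 only


def b64url_json(obj) -> str:
    """Encode a dict as an unpadded base64url JSON segment."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def audit_discovery(metadata: dict) -> list:
    """Return advertised ID token signing algs that are not allowlisted."""
    advertised = metadata.get("id_token_signing_alg_values_supported", [])
    return [alg for alg in advertised if alg not in ALLOWED_ALGS]


def check_id_token_header(token: str) -> str:
    """Return the header alg if allowlisted, else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("unreadable JWT header") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # Allowlist match also rejects "none", "None" and a missing alg.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise ValueError(f"rejected alg: {alg!r}")
    if not parts[2]:
        raise ValueError("empty signature segment")
    # Header gate only: verify the signature against the provider's JWKS next.
    return alg


# Constructed samples; "c2ln" is a placeholder, not a real signature.
DISCOVERY = {"id_token_signing_alg_values_supported": ["none", "RS256"]}
UNSIGNED = b64url_json({"alg": "none"}) + "." + b64url_json({"sub": "user"}) + "."
RS256_SHAPED = b64url_json({"alg": "RS256"}) + "." + b64url_json({"sub": "user"}) + ".c2ln"

if __name__ == "__main__":
    print("unexpected algs advertised:", audit_discovery(DISCOVERY))
    print("accepted header alg:", check_id_token_header(RS256_SHAPED))
    try:
        check_id_token_header(UNSIGNED)
    except ValueError as err:
        print("unsigned token refused:", err)
```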
