[ 
https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16105093#comment-16105093
 ] 

Jan Bernhardt commented on FEDIZ-203:
-------------------------------------

Hi Sergey & Colm,

It is not working for me. Have I done something wrong, or is this story not 
fully implemented?
In my application I configured it to request the "roles" scope, resulting in the 
following redirect:
https://localhost:8443/fediz-oidc/idp/authorize?client_id=aNP5bVYgHgM8jx&response_type=code&scope=openid%20profile%20email%20roles&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth2&state=0ce9caa7a23b33cd619f7dbd3aef1e8e38aa778b9c1bd223b701f14b47c3

When I get my access token, the "roles" scope is included:
{code}
{"access_token":"f07db1ec112571053aaed848d894d1c","token_type":"Bearer","expires_in":3600,"scope":"openid profile email roles","id_token":"eyJh...asd"}
{code}

But when requesting userinfo from 
https://localhost:8443/fediz-oidc/users/userinfo, I don't get any roles in return:
{code}
{"sub":"OYsDAYwulujbGJOL6tB4UA","preferred_username":"Jan Bernhardt","name":"Jan Bernhardt","given_name":"Jan","family_name":"Bernhardt","email":"[email protected]"}
{code}

The SAML token that was used for authentication contained several role claim 
values, which are handled by the Fediz Tomcat plugin.

> Support "roles" scope
> ---------------------
>
>                 Key: FEDIZ-203
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-203
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: OIDC
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.4.1
>
>         Attachments: cxf.patch, fediz.patch
>
>
> OIDC currently only supports role claims if they are requested as "claims" 
> but not via "scope". Goal of this jira issue is to add support for a "roles" 
> scope.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
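As an added example, not part of the JIRA thread and not code from the CXF-Fediz project: a small Python check that a relying party can run over the three messages shown in the comment above (authorization request URL, token response, userinfo response) to find scopes that were requested but not granted, and scopes that were granted but for which userinfo returned no claim at all. The scope-to-claims table follows the standard scopes in OpenID Connect Core 1.0 section 5.4; mapping the non-standard "roles" scope to a claim named "roles" is an assumption, and the sample messages are copied from the comment.

```python
import json
from urllib.parse import urlparse, parse_qs

# Claims each scope entitles the client to. Standard scopes follow OpenID
# Connect Core 1.0 section 5.4. The "roles" entry is an ASSUMPTION: the
# non-standard scope from FEDIZ-203 is taken to map to a "roles" claim.
SCOPE_CLAIMS = {
    "openid": {"sub"},
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
    "roles": {"roles"},
}

# Sample data copied from the JIRA comment (authorization redirect, token
# response, userinfo response), embedded here so the check runs offline.
AUTHORIZE_URL = (
    "https://localhost:8443/fediz-oidc/idp/authorize?client_id=aNP5bVYgHgM8jx"
    "&response_type=code&scope=openid%20profile%20email%20roles"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Foauth2"
    "&state=0ce9caa7a23b33cd619f7dbd3aef1e8e38aa778b9c1bd223b701f14b47c3"
)
TOKEN_RESPONSE = json.loads(
    '{"access_token":"f07db1ec112571053aaed848d894d1c","token_type":"Bearer",'
    '"expires_in":3600,"scope":"openid profile email roles","id_token":"eyJh...asd"}'
)
USERINFO = json.loads(
    '{"sub":"OYsDAYwulujbGJOL6tB4UA","preferred_username":"Jan Bernhardt",'
    '"name":"Jan Bernhardt","given_name":"Jan","family_name":"Bernhardt",'
    '"email":"[email protected]"}'
)


def requested_scopes(authorize_url):
    """Scopes the client asked for, parsed from the authorization request URL."""
    query = parse_qs(urlparse(authorize_url).query)
    return set(query.get("scope", [""])[0].split())


def granted_scopes(token_response):
    """Scopes the token endpoint says it actually granted (RFC 6749 'scope')."""
    return set(token_response.get("scope", "").split())


def scope_gaps(authorize_url, token_response, userinfo):
    """Compare request, grant and delivery.

    Returns (dropped, unfulfilled, unknown):
      dropped     - scopes requested but absent from the token response
      unfulfilled - scopes granted but with none of their claims in userinfo
      unknown     - granted scopes this table has no claim mapping for
    A scope counts as fulfilled if at least one of its claims is present,
    because a provider legitimately omits claims it has no value for.
    """
    asked = requested_scopes(authorize_url)
    granted = granted_scopes(token_response)
    present = set(userinfo)
    dropped = sorted(asked - granted)
    unfulfilled, unknown = [], []
    for scope in sorted(granted):
        claims = SCOPE_CLAIMS.get(scope)
        if claims is None:
            unknown.append(scope)
        elif not (claims & present):
            unfulfilled.append(scope)
    return dropped, unfulfilled, unknown


if __name__ == "__main__":
    dropped, unfulfilled, unknown = scope_gaps(AUTHORIZE_URL, TOKEN_RESPONSE, USERINFO)
    print("dropped by server:  ", dropped)
    print("granted, no claims: ", unfulfilled)
    print("unmapped scopes:    ", unknown)
```

Run against the messages from the comment, the check reports nothing dropped and nothing unknown, but "roles" as granted-yet-unfulfilled, which is exactly the mismatch the comment describes: the token endpoint echoes the scope back, so the client has no signal that the userinfo endpoint will not honour it unless it compares the two itself. Treating the "scope" field of the token response as authoritative for what userinfo will contain is the assumption that fails here.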