OIDC extension and ClearAttributeReleaseConsent

Darren Boss darren.boss at computecanada.ca
Wed Aug 19 12:52:28 UTC 2020

I'm running Shibboleth IdP version 4.0.1 deployed as a container using
the most recent build (shib-idp:4.0.1_20200717) as a base to which I
add the 2.0.0 OIDC extension via Docker build.

I don't have all that many OIDC clients yet and most are applications
developed in house. I just setup Harbor which is an open source
container registry with OIDC as they don't support SAML. I'm getting
the attribute consent release on every authentication and seeing
in the logs.

I double checked all the other registered OIDC clients and none of
them exhibit this behavior and a few of them have the same scopes or
even an additional scope configured and behave normally.

Any thoughts on what I should check? Since this is an internal
deployment, I will likely bypass the consent ui for this client but
I'd like to figure out why this is occurring before doing so.
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
darren.boss at computecanada.ca

More information about the users mailing list