OIDC extension - "Unable to produce a viable 'sub' claim" error
Ing. Jiří Špaček
jiri.spacek at fit.cvut.cz
Tue Feb 11 08:59:40 EST 2020
> (the encoder just turns into a rule internally)
I was not aware of that.
> Which...looks like the case? Your email mentioned a file named
> something else with -oidc.xml on the end. You would have to add that
> to services.xml as an additional resource for the
> AttributeRegistryService for encoders in that file to work, so
> documentation / "don't use a different resolver file".
>
That actually did the trick. I had to register
attribute-resolver-oidc.xml in
    <util:list id="shibboleth.AttributeRegistryResources">
        <value>%{idp.home}/conf/attribute-registry.xml</value>
        <value>%{idp.home}/system/conf/attribute-registry-system.xml</value>
        <value>%{idp.home}/conf/attributes/default-rules.xml</value>
        <value>%{idp.home}/conf/attribute-resolver.xml</value>
        <value>%{idp.home}/conf/attribute-resolver-oidc.xml</value>
    </util:list>

but I had only done it in here:

    <util:list id="shibboleth.AttributeResolverResources">
        <value>%{idp.home}/conf/attribute-resolver.xml</value>
        <value>%{idp.home}/conf/attribute-resolver-ldap.xml</value>
        <value>%{idp.home}/conf/attribute-resolver-oidc.xml</value>
    </util:list>

With this change, the configuration provided in the java-idp-oidc works
out of the box for me.
Thank you for the quick reply!
Jiri
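
The mismatch described in this message can be caught with a small configuration check. The following is an added example, not part of the original post or of the Shibboleth project: it reports resolver files that contain encoders but are missing from the registry list. The function names, the trimmed services.xml, and the simplified resolver file bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

RESOLVER_ID = "shibboleth.AttributeResolverResources"
REGISTRY_ID = "shibboleth.AttributeRegistryResources"

# Constructed sample: the two lists as they stood before the fix (registry list trimmed).
SERVICES_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:list id="shibboleth.AttributeRegistryResources">
    <value>%{idp.home}/conf/attribute-registry.xml</value>
    <value>%{idp.home}/conf/attribute-resolver.xml</value>
  </util:list>
  <util:list id="shibboleth.AttributeResolverResources">
    <value>%{idp.home}/conf/attribute-resolver.xml</value>
    <value>%{idp.home}/conf/attribute-resolver-ldap.xml</value>
    <value>%{idp.home}/conf/attribute-resolver-oidc.xml</value>
  </util:list>
</beans>"""

# Constructed, heavily simplified resolver file bodies (assumption: real files are larger).
CONF = "%{idp.home}/conf/"
ENC = "<AttributeResolver><AttributeDefinition id='{0}'><AttributeEncoder name='{0}'/></AttributeDefinition></AttributeResolver>"
RESOLVER_FILES = {
    CONF + "attribute-resolver.xml": ENC.format("uid"),
    CONF + "attribute-resolver-ldap.xml": "<AttributeResolver><DataConnector id='myLDAP'/></AttributeResolver>",
    CONF + "attribute-resolver-oidc.xml": ENC.format("sub"),
}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def resource_lists(services_xml):
    """Map each <util:list id=...> to the text of its <value> children."""
    lists = {}
    for el in ET.fromstring(services_xml).iter():
        if local(el.tag) == "list" and el.get("id"):
            lists[el.get("id")] = [v.text.strip() for v in el
                                   if local(v.tag) == "value" and v.text]
    return lists

def has_encoders(resolver_xml):
    return any(local(e.tag) == "AttributeEncoder" for e in ET.fromstring(resolver_xml).iter())

def resolver_files_with_ignored_encoders(services_xml, files):
    """Resolver resources that define encoders but are not registry resources."""
    lists = resource_lists(services_xml)
    registry = set(lists.get(REGISTRY_ID, []))
    return [p for p in lists.get(RESOLVER_ID, [])
            if p not in registry and p in files and has_encoders(files[p])]
```

The LDAP file is not reported because, in this constructed sample, it defines only a data connector and no encoders.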