Shibboleth IDP for OAuth2

Florian Ritterhoff ritterhoff.florian at
Tue Aug 9 18:41:54 UTC 2022

Yep. Thats prop the issue. How can I configure that a resource server is 
used/identified :) ?

Florian Ritterhoff

Am 09.08.2022 um 20:40 schrieb Cantor, Scott via users:
>>     Is there maybe any special setting that I could check?
> I suspect you're issuing a first-party (OP only) token here. If the audience set is empty, the OP is only issuing tokens to itself, which means a) they shouldn't need be JWTs and b) they definitely don't need any custom claims.
> If a resource server is identified and is an acceptable token audience, then the code behaves very differently and will include other claims, allow for encryption, etc.
> -- Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the users mailing list