Shibboleth IDP for OAuth2
ritterhoff.florian at hm.edu
Tue Aug 9 18:41:54 UTC 2022
Yep. Thats prop the issue. How can I configure that a resource server is
used/identified :) ?
Am 09.08.2022 um 20:40 schrieb Cantor, Scott via users:
>> Is there maybe any special setting that I could check?
> I suspect you're issuing a first-party (OP only) token here. If the audience set is empty, the OP is only issuing tokens to itself, which means a) they shouldn't need be JWTs and b) they definitely don't need any custom claims.
> If a resource server is identified and is an acceptable token audience, then the code behaves very differently and will include other claims, allow for encryption, etc.
> -- Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
More information about the users