OIDC: this user can't understand how to generate sub claim

Cantor, Scott cantor.2 at osu.edu
Tue Aug 30 16:35:36 UTC 2022


I guarantee you that any AttributeDefinition that encodes to "sub" is not producing any values, or it would work. So from that you can work backward to where the values should be coming from.

>    The DataConnector for subjectId is the plain DataConnector taken from
>  the conf/examples/oidc-attribute-resolver.xml

Sure, but where is it being applied as a dependency?

>    In this setup uid is defined as:
>    <AttributeDefinition id="uid" xsi:type="PrincipalName" />

Fine for testing, of course, but you should never deploy that. This is not an idle comment. I wouldn't even test that way, no matter how "simple" it seems. Subject IDs have to be stable and that could never be stable.

Anyway, where is "subjectId" actually being fed in as a dependency that will become "sub"?

-- Scott



