You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the issue:
Dynamic parameters specified in the Additional Query Parameters and Scope fields within the IDP configuration (Identity Providers > OAuth2/OpenID Connect Configuration > OAuth2/OpenID Connect Configuration) are not passed to the IDP request with multi-option scenarios. This occurs because these parameters are not included in the redirection URL to the IDP[1] after selecting the option from multi-option page. However, these dynamic values are correctly mapped and passed when the IDP is configured as the only option in the first step.
How to reproduce:
Configure a federated IDP along with Basic Authentication in the first step.
Add ${idpreqparam} to both Additional Query Parameters and Scope in the IDP configuration.
Initiate the request with the following example URL (replace <client-ID> and <callback-url>):
Use a network tracer to inspect the parameters and scope in the IDP request.
When the IDP is configured with other authentication options in the first step, the dynamic parameters are not present in the IDP request.
When the IDP is the only available option in the first step, the dynamic parameters are correctly included in the request.
Expected behavior:
Dynamic additional query parameters should be mapped and passed correctly to the IDP request, regardless of whether the IDP is configured alog with other options or not.
Describe the issue:
Dynamic parameters specified in the
Additional Query ParametersandScopefields within the IDP configuration (Identity Providers > OAuth2/OpenID Connect Configuration > OAuth2/OpenID ConnectConfiguration) are not passed to the IDP request with multi-option scenarios. This occurs because these parameters are not included in the redirection URL to the IDP[1] after selecting the option from multi-option page. However, these dynamic values are correctly mapped and passed when the IDP is configured as the only option in the first step.How to reproduce:
Configure a federated IDP along with Basic Authentication in the first step.
Add
${idpreqparam}to bothAdditional Query ParametersandScopein the IDP configuration.Initiate the request with the following example URL (replace
<client-ID>and<callback-url>):Use a network tracer to inspect the parameters and scope in the IDP request.
When the IDP is configured with other authentication options in the first step, the dynamic parameters are not present in the IDP request.
When the IDP is the only available option in the first step, the dynamic parameters are correctly included in the request.
Expected behavior:
Dynamic additional query parameters should be mapped and passed correctly to the IDP request, regardless of whether the IDP is configured alog with other options or not.
Environment information
[1]. https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/b6eb4bac768d58575c80bd8b2d9f4d4a92af740a/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java#L1175C20-L1175C21
The text was updated successfully, but these errors were encountered: