Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenID Connect Client 1.0 attribute issuer should be issuerIdentifier #7780

Closed
dmuelle opened this issue Dec 18, 2024 · 1 comment
Closed

OpenID Connect Client 1.0 attribute issuer should be issuerIdentifier #7780

dmuelle opened this issue Dec 18, 2024 · 1 comment
Assignees
@dmuelle
Labels
doc bug Something isn't working.
Milestone
25.0.0.1

Comments

@dmuelle
Copy link
Member

dmuelle commented Dec 18, 2024

OpenLiberty topic "OpenID Connect Client 1.0" https://openliberty.io/docs/latest/reference/feature/openidConnectClient-1.0.html#jwt section "Configure JSON Web Token (JWT) authentication for OpenID Connect"

  1. Example code snippet:
<openidConnectClient id="RP1" issuer="https://hostname/op1"  ... />
<openidConnectClient id="RP2" issuer="https://hostname/op2" authFilterRef="rp2filter" .../>

<authFilter id="rp2filter">
  ...
</authFilter>
  • There is no issuer attribute for the openidConnectClient element. The word issuer= should be corrected to issuerIdentifier=
  1. Description of precedence "Open Liberty selects the openidConnectClient configuration to use for a JWT request according to the following algorithm." currently says:
1. If the authentication filter for a openidConnectClient configuration matches the request, choose that configuration.
2. If the issuer claim from the JWT matches the issuer attribute in only one openidConnectClient configuration element, choose that configuration.
3. If the issuer claim from the JWT matches the issuer attribute in multiple openidConnectClient configuration elements, choose the first configuration that matches.
4. If the issuer claim from the JWT does not match the issuer attribute in any openidConnectClient configuration elements, choose between all of the configuration elements in a nondeterministic manner.
  • The words issuer attribute should be corrected to issuerIdentifier attribute
@dmuelle dmuelle self-assigned this Dec 18, 2024
@dmuelle dmuelle added this to the 25.0.0.1 milestone Dec 18, 2024
@dmuelle dmuelle added the doc bug Something isn't working. label Dec 18, 2024
dmuelle added a commit that referenced this issue Dec 18, 2024
@dmuelle
update attribute name
f5cb858 
#7780
@dmuelle dmuelle mentioned this issue Dec 18, 2024
Merged
dmuelle added a commit that referenced this issue Dec 18, 2024
@dmuelle
fix attribute camel case
6d179e9 
#7780
@dmuelle dmuelle mentioned this issue Dec 18, 2024
Merged
@dmuelle
Copy link
Member Author

dmuelle commented Dec 18, 2024

The page is updated to use the correct attribute name:

https://docs-draft-openlibertyio.mqj6zf7jocq.us-south.codeengine.appdomain.cloud/docs/latest/reference/feature/openidConnectClient-1.0.html

@dmuelle dmuelle closed this as completed Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dmuelle dmuelle

Labels
doc bug Something isn't working.
Projects
None yet
Milestone
25.0.0.1
Development

No branches or pull requests
1 participant
@dmuelle