[mitreid-connect] Encrypted requests do not work

Terbu Oliver terbu at staatsdruckerei.at
Tue Oct 25 02:58:02 EDT 2016


Hi,

I'm using encrypted request objects for the authorization request using org.mitre.openid.connect.client.service.impl.EncryptedAuthRequestUrlBuilder. The request was built fine but the server cannot process it completely successfully. The server successfully decrypts the object and creates the authorization request in org.mitre.openid.connect.request.ConnectOAuth2RequestFactory but when org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint processes the decrypted authorization request further, it fails to retrieve the redirect_uri from the request parameters in org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint::authorize at this line:

    String redirectUriParameter = authorizationRequest.getRequestParameters().get(OAuth2Utils.REDIRECT_URI);

There might be a bug in org.mitre.openid.connect.request.ConnectOAuth2RequestFactory which should set the request parameters map of the authorization request accordingly, or there might be a bug in Spring Security (org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint) which should look at the decrypted redirectUri attribute for the redirect URI in addition.

Has anybody encountered a similar issue? Any help is gratefully appreciated.

Thanks,
Oliver
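
The mismatch described in the message above, modelled as an added example that is not part of the original post and is not MITREid Connect or Spring Security OAuth code. The class, method names and sample values are hypothetical, and the reconciliation step is one possible approach, not a confirmed fix.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the symptom; class and method names are hypothetical,
// not MITREid Connect or Spring Security OAuth classes.
public class RequestObjectParamsDemo {

    // Stand-in for an authorization request: a typed redirectUri field plus
    // the raw parameter map that later processing steps read from.
    static final class AuthRequest {
        String redirectUri;
        final Map<String, String> requestParameters = new HashMap<>();
    }

    // Models the reported behaviour: claims from the decrypted request object
    // populate the typed field only; the parameter map keeps the outer query.
    static AuthRequest fromRequestObject(Map<String, String> query, Map<String, String> claims) {
        AuthRequest req = new AuthRequest();
        req.requestParameters.putAll(query);
        req.redirectUri = claims.get("redirect_uri");
        return req;
    }

    // One possible reconciliation (an assumption, not a confirmed fix): copy the
    // request-object value into the map, rejecting a conflicting outer value.
    static void reconcile(AuthRequest req) {
        String outer = req.requestParameters.get("redirect_uri");
        if (outer != null && req.redirectUri != null && !outer.equals(req.redirectUri)) {
            throw new IllegalArgumentException("redirect_uri differs between query and request object");
        }
        if (req.redirectUri != null) {
            req.requestParameters.put("redirect_uri", req.redirectUri);
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: the outer query carries only client_id and request.
        Map<String, String> query = new HashMap<>();
        query.put("client_id", "example-client");
        query.put("request", "<encrypted JWT placeholder>");
        Map<String, String> claims = new HashMap<>();
        claims.put("redirect_uri", "https://client.example/callback");

        AuthRequest req = fromRequestObject(query, claims);
        System.out.println("before: " + req.requestParameters.get("redirect_uri"));
        reconcile(req);
        System.out.println("after:  " + req.requestParameters.get("redirect_uri"));
    }
}
```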


