Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-13991

'issuer' value in .well-known/openid-configuration response is incorrect for a sub-realm

    Details

    • Sprint:
      AM Sustaining Sprint 58
    • Story Points:
      3
    • Needs backport:
      No
    • Support Ticket IDs:
    • Verified Version/s:
    • Needs QA verification:
      No
    • Functional tests:
      Yes
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      The 'issuer' value in the .well-known/openid-configuration output does not match the URL that requested it when a sub-realm is part of the request.

      Note that this behaviour in 6.0.0.2 onward is different to the initial 6.0 release and also different to earlier releases due to OPENAM-12784

       

      How to reproduce the issue

      1). Install AM 6.0.0.5 and simply create a sub-realm, eg. named IDP and configure for OIDC using the wizard.

      2). Request (specifying realm not using DNS alias) using the following format:

      http://openam.example.com:8080/AM6/oauth2/IDP/.well-known/openid-configuration

      3). Inspect the results and note:

      "issuer":"http://openam.example.com:8080/AM6/oauth2/realms/root/realms/IDP"

       

      Expected behaviour (as seen in AM 6.0.0.1 and earlier releases)
      Request:
      
      http://openam.example.com:8080/AM6/oauth2/IDP/.well-known/openid-configuration
      
      From the response:
      
      "issuer":"http://openam.example.com:8080/AM6/oauth2/IDP
      Current behaviour
      Request:
      
      http://openam.example.com:8080/AM6/oauth2/IDP/.well-known/openid-configuration
      
      From the response:
      
      "issuer":"http://openam.example.com:8080/AM6/oauth2/realms/root/realms/IDP"
      

       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lawrence.yarham Lawrence Yarham
                Reporter:
                andy.itter Andy Itter
                QA Assignee:
                Ľubomír Mlích
              • Votes:
                1 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: