[OPENAM-4344] OAuth2 SAML bearer grant does not work - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 11.0.0, 12.0.0
Fix Version/s: 12.0.1, 13.0.0
Component/s: oauth2
Labels:
- EDISON
- release-notes

Target Version/s:

11.0.4, 12.0.1, 13.0.0
Rank:
1|hzm2ov:

Support Ticket IDs:

Verified Version/s:

12.0.1

Description

The SP adapter does not pass the realm to the access_token endpoint; only client_id, grant_type and assertion are sent.

User has setup SAML 2.0 bearer assertion profile for OAuth 2.0 under a sub-realm. IDP-inited single sign on succeeds but the /access_token endpoint returns:

{"error_description":"Client authentication failed","error":"invalid_client"}

EDIT:

The SAML 2.0 bearer was not bind. This issue also affected the top realm. The current fix only bind the SAML bearer which solve the issue on the top realm. However, the issue still exist on the realm : see ~~OPENAM-6552~~

Attachments

Issue Links

relates to

OPENAM-6552 access_token request sent by OAuth2Saml2GrantSPAdapter is not realm aware

Resolved

Activity

People

Assignee:

Quentin CASTEL [X] (Inactive)

Reporter:

Javed Shah

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

15/Aug/14 12:15 AM

Updated:

20/Nov/16 12:23 PM

Resolved:

13/Apr/15 2:05 PM