[OPENAM-13991] 'issuer' value in .well-known/openid-configuration response is incorrect for a sub-realm Created: 16/Nov/18 Updated: 24/Aug/20 Resolved: 08/Jan/19
|Affects Version/s:||220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 6.5.0|
|Fix Version/s:||13.5.3, 14.1.2, 188.8.131.52, 184.108.40.206, 6.5.1, 6.0.1, 5.5.2, 7.0.0|
|Reporter:||Andy Itter||Assignee:||Lawrence Yarham|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Sprint:||AM Sustaining Sprint 58|
|Support Ticket IDs:|
|Needs QA verification:||
|Are the reproduction steps defined?:||
Yes and I used the same an in the description
The 'issuer' value in the .well-known/openid-configuration output does not match the URL that requested it when a sub-realm is part of the request.
Note that this behaviour in 220.127.116.11 onward is different to the initial 6.0 release and also different to earlier releases due to
1). Install AM 18.104.22.168 and simply create a sub-realm, eg. named IDP and configure for OIDC using the wizard.
2). Request (specifying realm not using DNS alias) using the following format:
3). Inspect the results and note:
|Comment by Andrew Vinall [ 19/Nov/18 ]|
Bug Triage: Andy Itter Would you be able to try using the Base URL Provider Service as a workaround?
|Comment by Andy Itter [ 19/Nov/18 ]|
Andrew Vinall I have done and that doesn't appear to work for this use case?
|Comment by Ľubomír Mlích [ 10/Jan/19 ]|
Verified by tests in 22.214.171.124
|Comment by Ľubomír Mlích [ 18/Apr/19 ]|
Verified by tests in 126.96.36.199