9:33 a.m.
Hello,
Why are protocol mappers belonging to the token's Authorized Party (azp)
applied when requesting an RPT instead of those belonging to its Audience
(aud)?
For example, when a Token Exchange is performed, the mappers belonging to
the new Audience are applied, not the Authorized Party ones.
Concretely, we have detected that this behavior is being enforced at this
line of code:
AuthorizationTokenService.java#L248
<https://github.com/keycloak/keycloak/blob/24e60747b694ab4d03e8e1cbf8e4da7...
Is that correct? Shouldn't mappers belonging to the Audience be applied
instead?
Thank you in advance!
1:50 p.m.
Hi,
Good catch, could you file a JIRA please?
Regards.
Pedro Igor
On Thu, Oct 4, 2018 at 12:01 PM Francisco José Bermejo Herrera <
francisco.bermejo.herrera(a)tecsisa.com> wrote:
Hello,
Why are protocol mappers belonging to the token's Authorized Party (azp)
applied when requesting an RPT instead of those belonging to its Audience
(aud)?
For example, when a Token Exchange is performed, the mappers belonging to
the new Audience are applied, not the Authorized Party ones.
Concretely, we have detected that this behavior is being enforced at this
line of code:
AuthorizationTokenService.java#L248
<
https://github.com/keycloak/keycloak/blob/24e60747b694ab4d03e8e1cbf8e4da7...
>
Is that correct? Shouldn't mappers belonging to the Audience be applied
instead?
Thank you in advance!
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:23 a.m.
Hi Pedro,
Thanks for your quick reply. Here is the issue:
https://issues.jboss.org/browse/KEYCLOAK-8489
Regards,
Francisco Bermejo
El jue., 4 oct. 2018 a las 20:50, Pedro Igor Silva (<psilva(a)redhat.com>)
escribió:
Hi,
Good catch, could you file a JIRA please?
Regards.
Pedro Igor
On Thu, Oct 4, 2018 at 12:01 PM Francisco José Bermejo Herrera <
francisco.bermejo.herrera(a)tecsisa.com> wrote:
> Hello,
>
> Why are protocol mappers belonging to the token's Authorized Party (azp)
> applied when requesting an RPT instead of those belonging to its Audience
> (aud)?
> For example, when a Token Exchange is performed, the mappers belonging to
> the new Audience are applied, not the Authorized Party ones.
>
> Concretely, we have detected that this behavior is being enforced at this
> line of code:
> AuthorizationTokenService.java#L248
> <
>
https://github.com/keycloak/keycloak/blob/24e60747b694ab4d03e8e1cbf8e4da7...
> >
>
> Is that correct? Shouldn't mappers belonging to the Audience be applied
> instead?
>
> Thank you in advance!
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
2269
days inactive
2270
days old
2 comments
2 participants
participants (2)
-
Francisco José Bermejo Herrera -
Pedro Igor Silva