How to disable the delegatedclientid HTTP parameter in a FranceConnect process?
15 views
Skip to first unread message
Boris P1
Apr 19, 2019, 4:36:54 AM4/19/19
to CAS Community
Good morning all,
We are doing the migration of CAS to its 5.3.9 version.
The step we are attempting to realize is the authentication delegation with FranceConnect.
Always according to the apereo.github documentation, we implement the CAS overlay template to reach it.
Nevertheless, we have recently discovered that the Maven dependency related to pac4j, cas-server-support-pac4j-webflow, does not respect rigorously the FranceConnect protocol because one class does force the delegatedclientid HTTP parameter to be in the URL handled by FranceConnect, which is explicitly not necessary with FranceConnect.
The concerning class is the following:
org.apereo.cas.web.DelegatedClientWebflowManager
Which is here:
We are doing the migration of CAS to its 5.3.9 version.
The step we are attempting to realize is the authentication delegation with FranceConnect.
Always according to the apereo.github documentation, we implement the CAS overlay template to reach it.
Nevertheless, we have recently discovered that the Maven dependency related to pac4j, cas-server-support-pac4j-webflow, does not respect rigorously the FranceConnect protocol because one class does force the delegatedclientid HTTP parameter to be in the URL handled by FranceConnect, which is explicitly not necessary with FranceConnect.
The concerning class is the following:
org.apereo.cas.web.DelegatedClientWebflowManager
Which is here:
During the delegation process, FranceConnect stops it and specifies some informations about this parameter:
"The following fields are not supposed to be present : delegatedclientid"
For information, the different existing HTTP parameters in the URL are the following:
scope
response_type
redirect_uri
state
nonce
delegatedclientid
client_id
Please, is this parameter very necessary in this class or is there a way to disable it?
Boris.
"The following fields are not supposed to be present : delegatedclientid"
For information, the different existing HTTP parameters in the URL are the following:
scope
response_type
redirect_uri
state
nonce
delegatedclientid
client_id
Please, is this parameter very necessary in this class or is there a way to disable it?
Boris.
Reply all
Reply to author
Forward
0 new messages