Unsupported responseType: Assertion

Jan Tošovský

Jul 9, 2021, 12:05:22 PM
to Pac4j users mailing list
I am trying to use pac4j for accessing Azure DevOps (a GitHub-like portal), where a specific response type is required: "Assertion", see https://docs.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops#authorize-your-app
I can't see any way of adding this type to my OidcConfig. When using code or id_token instead, I am getting HTTP 500 from the Azure server.

However, AFAIK there is no .well-known/openid-configuration for DevOps, so I am building the client from scratch, so the problem can be caused by something else...

OidcConfiguration devOpsOidcConfiguration = new OidcConfiguration();
devOpsOidcConfiguration.setClientId("<client_id>");
devOpsOidcConfiguration.setSecret("<secret>");
devOpsOidcConfiguration.setResponseType("code"); // "Assertion" here fails
devOpsOidcConfiguration.setUseNonce(true);
devOpsOidcConfiguration.addCustomParam("prompt", "consent");
devOpsOidcConfiguration.setScope("openid vso.code_full");

Issuer issuer = new Issuer("https://app.vssps.visualstudio.com");
List<SubjectType> subjectTypes = Arrays.asList(SubjectType.PUBLIC);

OIDCProviderMetadata providerMetaData = new OIDCProviderMetadata(issuer, subjectTypes, jwkSetURI);
providerMetaData.setAuthorizationEndpointURI(URI.create("https://app.vssps.visualstudio.com/oauth2/authorize"));
providerMetaData.setTokenEndpointURI(URI.create("https://app.vssps.visualstudio.com/oauth2/token"));

List<ResponseType> responseTypes = Arrays.asList(ResponseType.CODE); // here no "Assertion" value is available
providerMetaData.setResponseTypes(responseTypes);

devOpsOidcConfiguration.setProviderMetadata(providerMetaData);

Client devOpsClient = new OidcClient(devOpsOidcConfiguration);

String contextPath = event.getServletContext().getContextPath();

final Clients clients = new Clients(
        "https://localhost:8080" + contextPath + "/callback",
        devOpsClient
);

final Config config = new Config(clients);

final FilterHelper filterHelper = new FilterHelper(event.getServletContext());

final CallbackFilter callbackFilter = new CallbackFilter(config, "/");
callbackFilter.setRenewSession(true);
filterHelper.addFilterMapping("callbackFilter", callbackFilter, "/callback*");

final SecurityFilter devOpsFilter = new SecurityFilter(config, "OidcClient", DefaultAuthorizers.NONE);
filterHelper.addFilterMapping("devOpsFilter", devOpsFilter, "/app/*");

Any idea?

Thanks, Jan

Jérôme LELEU

Jul 12, 2021, 3:20:56 AM
to Jan Tošovský, Pac4j users mailing list
Hi,

The specific "assertion" type is not supported.
Thanks.
Best regards,
Jérôme
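
The thread ends without a pac4j-based solution. As an added example (not from the thread and not pac4j code), this is the authorization request the question refers to, built with the JDK only, plus the `state` check to run on the callback. The class and method names are hypothetical, the sample values are constructed, the parameter names other than `response_type` are the standard OAuth 2.0 ones and are assumed to be what the linked Azure DevOps documentation expects, and the token exchange is not shown.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

// Hypothetical helper, not part of pac4j.
public class DevOpsAuthorizeRequest {
    // Authorization endpoint as given in the question above.
    static final String AUTHORIZE = "https://app.vssps.visualstudio.com/oauth2/authorize";
    private static final SecureRandom RNG = new SecureRandom();

    // 256-bit random state; store it in the user's session before redirecting.
    static String newState() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    static URI authorizeUri(String clientId, String scope, String redirectUri, String state) {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("client_id", clientId);
        p.put("response_type", "Assertion"); // the value the question could not set on OidcConfiguration
        p.put("state", state);
        p.put("scope", scope);
        p.put("redirect_uri", redirectUri);
        String query = p.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
        return URI.create(AUTHORIZE + "?" + query);
    }

    // Constant-time comparison of the state returned on the callback with the stored one.
    static boolean stateMatches(String expected, String returned) {
        if (expected == null || returned == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String state = newState();
        // Constructed sample values; replace with the registered app's own.
        System.out.println(authorizeUri("<client_id>", "vso.code_full",
                "https://localhost:8080/app/callback", state));
        System.out.println(stateMatches(state, state) + " " + stateMatches(state, newState()));
    }
}
```

Reject the callback when `stateMatches` returns false, before the returned code is used for anything.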


--
You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/a2d1b451-65b0-4d75-8b77-002d68e61c64n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages