Need to add "access_token_issuer" to the list of expected token issuers


Safa Achour

Oct 29, 2025, 5:25:12 AM
to WildFly
Hello, 

We are using WildFly 29 integrated with ADFS using OIDC authentication.
When we use the API we get this issue:

 org.jose4j.jwt.consumer.InvalidJwtException: JWT (claims->*****) rejected due to invalid claims or other invalid content. Additional details: [[12] Issuer (iss) claim value (********/adfs/services/trust) doesn't match expected value of ******/adfs]


After investigation we noticed that in the ADFS OIDC configuration (****/adfs/.well-known/openid-configuration) we have two issuer definitions:
{ "issuer": "*********/adfs",
--------
--------,
"access_token_issuer": "********/adfs/services/trust",
---------,
}

The issue is that the Elytron subsystem expects the issuer to equal the "issuer" attribute, but ADFS sends "access_token_issuer" in the generated access token.

Is there a way to extend the expected issuer list under IssValidator?




 

Safa Achour

Oct 30, 2025, 10:29:51 AM
to WildFly
Is that possible by configuration?
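A diagnostic sketch of the mismatch described in the first post, added here as an example and not part of the thread or of WildFly/Elytron code: it decodes a token's `iss` without verifying it and reports which discovery-document field that value equals exactly. The host name, the sample tokens and all function names are constructed for illustration.

```python
import base64
import json

# Constructed sample discovery document (placeholder host, not values from the thread).
DISCOVERY = {
    "issuer": "https://adfs.example.test/adfs",
    "access_token_issuer": "http://adfs.example.test/adfs/services/trust",
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token; a real verifier must reject these."""
    header = b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}."


def read_iss(token: str):
    """Decode the payload WITHOUT verification; for diagnosis only, never for trust."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(padded)).get("iss")


def classify_issuer(token: str, discovery: dict) -> str:
    """Return the discovery field whose value equals the token's iss exactly."""
    iss = read_iss(token)
    if iss is None:
        return "missing"
    for field in ("issuer", "access_token_issuer"):
        # Exact string comparison, as an issuer check performs it:
        # a trailing slash or a different scheme counts as a mismatch.
        if iss == discovery.get(field):
            return field
    return "unknown"


# Constructed tokens: one per issuer value published in the discovery document.
ID_TOKEN = make_unsigned_token({"iss": DISCOVERY["issuer"]})
ACCESS_TOKEN = make_unsigned_token({"iss": DISCOVERY["access_token_issuer"]})

if __name__ == "__main__":
    for name, tok in (("id_token", ID_TOKEN), ("access_token", ACCESS_TOKEN)):
        print(name, "iss matches discovery field:", classify_issuer(tok, DISCOVERY))
```

A result of `access_token_issuer` for the API bearer token confirms the situation in the post: the token is issued under the second value, so a validator configured with only `issuer` rejects it.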