Posted to user@openmeetings.apache.org by Jeffry Johnson <je...@gmail.com> on 2021/08/08 01:59:55 UTC

Re: Issue with Oauth2 integration

So we actually managed to fix this issue. The userinfo endpoint from
Microsoft does not return any claims aside from sub which is really just
garbage.

We created a site to pass the access token to, which decodes and returns
the claims in the access token.

OpenMeetings OAuth2 needs a redesign that will allow us to pick if we want
to use a userinfo endpoint or just use an ID token returned from the token
endpoint. I'd be happy to provide more data for this upgrade if needed and
any guidance you might need, but this would allow Microsoft ADFS users to
integrate a lot easier.

On Fri, Jul 30, 2021, 23:29 Maxim Solodovnik <so...@gmail.com> wrote:

> Hello Jeffry,
>
> I have commented
> https://issues.apache.org/jira/projects/OPENMEETINGS/issues/OPENMEETINGS-2633
> 4 days ago
> (no answer)
>
> Unfortunately I understand nothing from your email :(
> I'm not a native English speaker, so please try to provide more details :)
>
> On Fri, 30 Jul 2021 at 23:14, Jeffry Johnson <je...@gmail.com>
> wrote:
>
>> We are trying to get ADFS to work with our instance of OM. See
>> https://issues.apache.org/jira/projects/OPENMEETINGS/issues/OPENMEETINGS-2633 for
>> the bug reported by one of our developers. I am getting successful token
>> responses, but I need to know how to map OM attributes to claims from the
>> response. Such as:
>>
>> c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
>>    Issuer == "AD AUTHORITY"]
>> => issue(store = "Active Directory",
>>          types = ("http://schemas.xmlsoap.org/claims/FirstName",
>>                   "http://schemas.xmlsoap.org/claims/LastName",
>>                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
>>                   "http://schemas.xmlsoap.org/claims/EmployeeID",
>>                   "http://schemas.xmlsoap.org/claims/ManagerEmail",
>>                   "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
>>          query = ";givenName,sn,mail,employeeID,managerEmail,sAMAccountName;{0}",
>>          param = c.Value);
>>
>> Please help!
>>
>
>
> --
> Best regards,
> Maxim
>
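
The option raised in this thread, taking user attributes from the ID token returned by the token endpoint rather than from userinfo, sketched as an added example (not OpenMeetings code and not code from either poster): the token is verified locally before any claim is mapped to a profile field. Assumptions: the RSA key is a constructed toy key (a real client verifies with the IdP's published signing key), the issuer, client id, claim names and the `MAPPING` field names are hypothetical, and `aud` is taken to be a single string.

```python
import base64, hashlib, json
# Constructed toy RSA key from two Mersenne primes (stdlib-only demo, not secure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
DIGEST_INFO = bytes.fromhex("3031300d060960864801650304020105000420")  # SHA-256
# Hypothetical mapping: application profile field -> claim name in the ID token.
MAPPING = {"login": "upn", "email": "email", "firstname": "given_name", "lastname": "family_name"}
# Constructed sample claims, standing in for what the IdP would put in the ID token.
SAMPLE = {"iss": "https://adfs.example.test/adfs", "aud": "om-client", "exp": 2000000000,
          "sub": "opaque-id", "upn": "jdoe@example.test", "email": "jdoe@example.test",
          "given_name": "Jane", "family_name": "Doe"}

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def padded_digest(message):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = DIGEST_INFO + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def make_token(claims, alg="RS256"):
    """Stand-in for the IdP's token endpoint: sign constructed claims with the toy key."""
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = pow(padded_digest(f"{head}.{body}".encode()), D, N)
    return f"{head}.{body}.{b64u(sig.to_bytes(K, 'big'))}"

def verify_id_token(token, issuer, audience, now):
    """Return the claims only if signature, alg, iss, aud and exp all check out."""
    head, body, sig = token.split(".")
    if json.loads(unb64u(head)).get("alg") != "RS256":
        raise ValueError("unexpected alg")
    if pow(int.from_bytes(unb64u(sig), "big"), E, N) != padded_digest(f"{head}.{body}".encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64u(body))
    if claims.get("iss") != issuer or claims.get("aud") != audience or claims.get("exp", 0) <= now:
        raise ValueError("iss/aud/exp check failed")
    return claims

def map_profile(claims, mapping=MAPPING):
    """Build the local profile from verified claims; fail loudly on a missing claim."""
    missing = [name for name in mapping.values() if name not in claims]
    if missing:
        raise ValueError(f"missing claims: {missing}")
    return {field: claims[name] for field, name in mapping.items()}
```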