From: Nikolaos E. <ni...@ad...> - 2018-07-03 14:22:53
Hello Krzysztof,

I’m testing your suggestion to create a separate oauth authorization endpoint, but I got some issues. When I make an authentication request to the new endpoint, I go directly to the login page of my preselected IdP (as expected), but after the login I got stuck at the ${new_endpoint}/oauth2-authz-web-entry portal, and I’m asked to log in again. Do you have any suggestion to deal with this issue?

Regards,
Nick

On 28 Jun 2018, at 09:46, Nikolaos Evangelou <ni...@ad...> wrote:

Hello Krzysztof,

I have a different approach for this subject. The users are using a web portal where they request tokens from a client of b2access. The request is:

https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile

After that the flow will throw the users here:

https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry

to log in.

Is it possible, instead of the previous URL, to redirect the users to this login screen

https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry?uy_select_authn=samlWeb.marine&uy_auto_login=true

for that specific client?
I have tried to pass these parameters to the authorisation request, like this:

https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?uy_select_authn=samlWeb.marine&uy_auto_login=true&response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile

but it doesn’t work.

Best Regards,
Nick

On 8 Jun 2018, at 11:59, Nikolaos Evangelou <ni...@ad...> wrote:

Hi Krzysztof,

Let me explain the process with more details. The oauth authorisation flow is: the user sends an authorisation request to the /oauth2-authz endpoint (using a web application client), he would be redirected to the b2access development instance and select an IdP. After login he will be redirected back to the client with a token. The change we want to make to this flow is to preselect a specific IdP for the user for this specific client. Can unity provide this option?

Regards,
Nick

On 8 Jun 2018, at 10:38, Krzysztof Benedyczak <kb...@un...> wrote:

Hi Nikolaos,

On 07.06.2018 at 13:30, Nikolaos Evangelou wrote:

> Hello Krzysztof,
>
> Based on this section of the unity idm documentation
> http://www.unity-idm.eu/documentation/unity-2.4.0/manual.html#_preselected_automated_authentication
> I managed to preselect an IdP and auto login using the parameters
> ?uy_select_authn=samlWeb.${authenticationOptionId}&uy_auto_login=true .
> Is it possible to make an OIDC authorization request with a preselected IdP for a specific client?

I'm not sure if I understand the question. As you succeeded with auto-login with those options, which are provided by a client, you should be able to selectively use them only for your specific client.
If the problem is that you can use those special query params for that client, you can enable this server-side. Create a separate oauth authorization endpoint in Unity and configure it to auto-login all clients (unity.endpoint.web.autoLogin=true). Then point your specific client to that endpoint.

Best
Krzysztof

Unity-idm-discuss mailing list
Uni...@li...
https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss