From: Nikolaos E. <ni...@ad...> - 2018-07-06 11:00:50
Hello Krzysztof,

OK, I will try to describe my use case. I have created an OAuth client and I want to make an authorization request. The only change I want to make is, when the user logs in to Unity, to preselect an IdP for him instead of presenting him/her multiple IdPs, only for this client.

I tried to select the IdP using the URL parameters (?uy_select_authn=samlWeb.${authenticationOptionId}&uy_auto_login=true) but it wasn’t working because uy_select_authn and uy_auto_login were ignored.

I then tried your suggestion to create an authorization endpoint and an authenticator with only one IdP.

When I set unity.endpoint.web.autoLogin=true the flow asks the user to log in 2 times.

When I set unity.endpoint.web.autoLogin=false the flow works fine. However the user still needs to select the marine IdP even though it’s the only option. Is it possible to skip this step?

Regards,
Nick

On 4 Jul 2018, at 10:03, Krzysztof Benedyczak <kb...@un...> wrote:

> Nikolaos,
>
> On 28.06.2018 at 08:46, Nikolaos Evangelou wrote:
>
>> Hello Krzysztof,
>>
>> I have a different approach for this subject. The users are using a web portal where they request tokens from a client of b2access.
>>
>> The request is:
>> https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile
>>
>> After that the flow will throw the users here:
>> https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry
>> to log in.
>>
>> Is it possible, instead of the previous URL, to redirect the users to this login screen
>> https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz-web-entry?uy_select_authn=samlWeb.marine&uy_auto_login=true
>> for that specific client?
>>
>> I have tried to pass these parameters to the authorisation request (like this
>> https://unity.eudat-aai.fz-juelich.de/oauth2-as/oauth2-authz?uy_select_authn=samlWeb.marine&uy_auto_login=true&response_type=code&redirect_uri=https%3A%2F%2Fsnf-761524.vm.okeanos.grnet.gr%2Fb2access%2Frefreshtoken.php&client_id=sdc-test-client-id&scope=openid+email+profile
>> ) but it doesn’t work.
>
> Can you rephrase and extend your use case? I have made a 2nd approach to read it and I'm failing to understand. Just precisely describe what you want to realize and then how you try this.
>
> Best,
> Krzysztof