You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello
Owncloud does not retrieve user attributes from the OIDC server, although we have this information in the Token (see log)
We use CAS Apereo for OpenID Connect
For information, on our gitlab instance, we get all the attributes
cas | 2023-06-12 09:16:48,868 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
cas | =============================================================
cas | WHO: dupon
cas | WHAT: {grant_type=authorization_code, service=https://cloud.domain.fr/apps/openidconnect/redirect, response_type=none, scopes=[email, openid, profile], client_id=oidc-cloudtest, token=OC-2-********9o7RYaSVBPux6Mr1A9mm}
cas | ACTION: OAUTH2_ACCESS_TOKEN_REQUEST_CREATED
cas | APPLICATION: CAS
cas | WHEN: Mon Jun 12 09:16:48 UTC 2023
cas | CLIENT IP ADDRESS: ip.ip.ip..44
cas | SERVER IP ADDRESS: 10.10.1.3
cas | =============================================================
cas |
cas | >
cas | 2023-06-12 09:16:48,878 WARN [org.apereo.cas.oidc.token.OidcIdTokenGeneratorService] - <Individual claims requested by OpenID scopes are forced to be included in the ID token. This is a violation of the OpenID Connect specification and a workaround via dedicated CAS configuration. Claims should be requested from the userinfo/profile endpoints in exchange for an access token.>
cas | 2023-06-12 09:16:48,882 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
cas | =============================================================
cas | WHO: dupon
cas | WHAT: {access_token=AT-2-********VDdTEZwfdFOyqB-HvakR, refresh_token=RT-2-********suD-P6Ic7QMcx4kMYNjv, scope=email openid profile, id_token=********..., token_type=Bearer, expires_in=28800}
cas | ACTION: OAUTH2_ACCESS_TOKEN_RESPONSE_CREATED
cas | APPLICATION: CAS
cas | WHEN: Mon Jun 12 09:16:48 UTC 2023
cas | CLIENT IP ADDRESS: ip.ip.ip..44
cas | SERVER IP ADDRESS: 10.10.1.3
cas | =============================================================
cas |
cas | >
cas | 2023-06-12 09:16:48,954 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
cas | =============================================================
cas | WHO: dupon
cas | WHAT: {service=https://cloud.domain.fr/apps/openidconnect/redirect, attributes={name=[dupon Joe], given_name=[Joe], family_name=[dupon], email=[[email protected]]}, id=dupon, scopes=[email, openid, profile], client_id=oidc-cloudtest}
cas | ACTION: OAUTH2_USER_PROFILE_CREATED
cas | APPLICATION: CAS
cas | WHEN: Mon Jun 12 09:16:48 UTC 2023
cas | CLIENT IP ADDRESS: ip.ip.ip..44
cas | SERVER IP ADDRESS: 10.10.1.3
cas | =============================================================
cas |
cas | >
cas | 2023-06-12 09:16:49,763 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
cas | =============================================================
cas | WHO: audit:unknown
cas | WHAT: {result=Service Access Granted, service=https://cloud.domain.fr/apps/openidconnect/redirect, requiredAttributes={}}
cas | ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
cas | APPLICATION: CAS
cas | WHEN: Mon Jun 12 09:16:49 UTC 2023
cas | CLIENT IP ADDRESS: ip.ip.ip..44
cas | SERVER IP ADDRESS: 10.10.1.3
cas | =============================================================
cas |
cas | >
Thanks you in advance
The text was updated successfully, but these errors were encountered:
No - this is exclusively customer demand driven due the effort of setting up and maintaining test environments over the whole product life cycle. Sorry
Hello
Owncloud does not retrieve user attributes from the OIDC server, although we have this information in the Token (see log)
We use CAS Apereo for OpenID Connect
For information, on our gitlab instance, we get all the attributes
Config owncloud :
Log owncloud :
Log OIDC server :
Thanks you in advance
The text was updated successfully, but these errors were encountered: