  1. WildFly Elytron
  2. ELY-2374

Support forwarding of domain_hint query parameter

Details

    Description

      The OidcRequestAuthenticator already supports forwarding a number of query parameters when redirecting to the /authorize endpoint. Currently, the following query parameters are supported in wildfly-elytron: login_hint, kc_idp_hint, prompt, max_age, ui_locales, and scopes.

      It would be helpful (see below) if the parameter domain_hint could also be forwarded to the /authorize endpoint. This parameter is supported by Microsoft Azure AD.

      Motivation

      We are attempting to implement SSO with Azure AD using the elytron-oidc-client in WildFly 26.0.1.Final. Our aim is to have no user interaction during login. This would allow us to use authentication against Azure AD for websites which are loaded in iframes within our corporate intranet portal site (Azure AD does not allow login forms to be displayed in iframes). In order to achieve this, we need to hint to Azure AD which domain to use for logging on.

          People

            Unassigned Unassigned
            christoph.boehme@dfg.de Christoph Böhme
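
The forwarding behaviour this issue describes, as an added example that is not part of the original report and is not Elytron's own code: only an allowlist of hint parameters (the names listed in the description plus the requested domain_hint) is copied from the incoming request onto the /authorize redirect, while protocol parameters always come from client configuration. The class name, method names, hosts and ids are hypothetical, and the parameter set is reduced to what the example needs.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.StringJoiner;

// Added illustration; class and method names are hypothetical, not Elytron's API.
public class AuthorizeRedirectExample {

    // Parameter names as listed in this issue, plus the requested domain_hint.
    static final List<String> FORWARDED = List.of("login_hint", "kc_idp_hint",
            "prompt", "max_age", "ui_locales", "scopes", "domain_hint");

    static String buildAuthorizeUrl(String authorizeEndpoint, String clientId,
            String redirectUri, String state, Map<String, String[]> requestParams) {
        Map<String, String> query = new LinkedHashMap<>();
        // Protocol parameters come from client configuration, never from the request.
        query.put("response_type", "code");
        query.put("client_id", clientId);
        query.put("redirect_uri", redirectUri);
        query.put("state", state);
        // Copy only allowlisted hints; anything else in the request is dropped.
        for (String name : FORWARDED) {
            String[] values = requestParams.get(name);
            if (values != null && values.length > 0 && !values[0].isEmpty()) {
                query.put(name, values[0]); // first value only, no duplicates
            }
        }
        StringJoiner joined = new StringJoiner("&", authorizeEndpoint + "?", "");
        query.forEach((k, v) -> joined.add(enc(k) + "=" + enc(v)));
        return joined.toString();
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed request parameters; hosts and ids are placeholders.
        Map<String, String[]> request = new LinkedHashMap<>();
        request.put("domain_hint", new String[] {"example.org"});
        request.put("redirect_uri", new String[] {"https://other.example/cb"}); // not forwarded
        request.put("prompt", new String[] {"none"});
        System.out.println(buildAuthorizeUrl("https://idp.example/authorize",
                "my-client", "https://app.example/callback", "state-123", request));
    }
}
```

The printed URL carries prompt and domain_hint from the request, while the request's own redirect_uri value is ignored in favour of the configured one.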