Describe the issue:
Dynamic parameters specified in the Additional Query Parameters and Scope fields within the IDP configuration (Identity Providers > OAuth2/OpenID Connect Configuration > OAuth2/OpenID Connect Configuration) are not passed to the IDP request during MFA scenarios. This occurs because these parameters are not included in the redirection URL to the IDP[1] after the first step is completed. However, these dynamic values are correctly mapped and passed when the IDP is configured as the first step.
How to reproduce:
Configure the IDP as the second step, with Basic Authentication as the first step.
Add ${idpreqparam} to both Additional Query Parameters and Scope in the IDP configuration.
Initiate the request with the following example URL (replace <client-ID> and <callback-url>):
Use a network tracer to inspect the parameters and scope in the IDP request.
When the IDP is configured as the second step, the dynamic parameters are not present in the IDP request.
When the IDP is configured as the first step, the dynamic parameters are correctly included in the request.
Expected behavior:
Dynamic additional query parameters should be mapped and passed correctly to the IDP request, regardless of whether the IDP is configured as the first or second step.
Environment information
[1]. https://github.com/wso2-extensions/identity-outbound-auth-oidc/blob/b6eb4bac768d58575c80bd8b2d9f4d4a92af740a/components/org.wso2.carbon.identity.application.authenticator.oidc/src/main/java/org/wso2/carbon/identity/application/authenticator/oidc/OpenIDConnectAuthenticator.java#L1175C20-L1175C21
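
The inspection step in the reproduction above can be automated. The following is an added example, not part of the original issue or of the WSO2 code base: it checks a captured IDP authorization URL for the values that the configured templates should have produced. It assumes `${name}` resolves to the value of the request parameter `name`; the parameter key `custom`, the host `idp.example.com` and both URLs are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")


def resolve(template, request_params):
    """Replace each ${name} with request parameter `name` (assumed semantics).
    Unknown names are left as the literal placeholder."""
    return PLACEHOLDER.sub(
        lambda m: request_params.get(m.group(1), m.group(0)), template)


def missing_dynamic_values(idp_url, query_template, scope_template, request_params):
    """Compare a captured IDP request URL against the configured templates.
    Returns a list of findings; an empty list means every value was passed."""
    sent = parse_qs(urlsplit(idp_url).query, keep_blank_values=True)
    findings = []

    # Additional Query Parameters: key=value pairs joined by '&'.
    for pair in filter(None, query_template.split("&")):
        key, _, value = pair.partition("=")
        expected = resolve(value, request_params)
        if expected not in sent.get(key, []):
            findings.append(f"query parameter {key}: expected {expected!r}, "
                            f"got {sent.get(key)}")

    # Scope: space-separated tokens inside the single 'scope' parameter.
    sent_scopes = set(" ".join(sent.get("scope", [])).split())
    for token in resolve(scope_template, request_params).split():
        if token not in sent_scopes:
            findings.append(f"scope token {token!r} not sent")
    return findings


# Constructed sample data: the original request carried idpreqparam=tenant-a.
REQUEST_PARAMS = {"idpreqparam": "tenant-a"}
QUERY_TEMPLATE = "custom=${idpreqparam}"   # hypothetical key 'custom'
SCOPE_TEMPLATE = "openid ${idpreqparam}"

# Captured redirect when the IDP is the first step (values present).
FIRST_STEP_URL = ("https://idp.example.com/authorize?response_type=code"
                  "&client_id=abc&scope=openid+tenant-a&custom=tenant-a&state=s1")
# Captured redirect when the IDP is the second step (values absent).
SECOND_STEP_URL = ("https://idp.example.com/authorize?response_type=code"
                   "&client_id=abc&scope=openid&state=s2")

if __name__ == "__main__":
    for label, url in (("first step", FIRST_STEP_URL), ("second step", SECOND_STEP_URL)):
        result = missing_dynamic_values(url, QUERY_TEMPLATE, SCOPE_TEMPLATE, REQUEST_PARAMS)
        print(label, "->", result or "all dynamic values present")
```
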