[Koha-bugs] [Bug 30988] Add generic OpenIDConnect client implementation
bugzilla-daemon at bugs.koha-community.org
Mon Jun 27 08:14:31 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30988
--- Comment #35 from David Cook <dcook at prosentient.com.au> ---
As an aside, I've been thinking a bit about how email address isn't necessarily
the best matching point.
Technically, the "sub" standard claim is the identifier for the user.
(https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims)
For an IdP like Keycloak, it will send a UUID as the "sub" claim, although you
can override this in Keycloak to use whatever you want (e.g. email).
I was working on a SAML setup the other day and the Keycloak SAML IdP sent an
identifier like
"https://keycloak_idp_site...!https://client_site!<username>"
Anyway, I don't think it's just a blocker. Just something that Koha could think
about more in general.
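An added illustration of the point raised in comment #35 (not Koha code and not taken from the bug's patches): patron matching keyed on the issuer plus the "sub" claim, compared with matching on email. The store, the function names, the issuer URL and all claim values are constructed for this example.

```python
# Added illustration, not Koha code. All names and claim values are constructed.
from dataclasses import dataclass, field

ISS = "https://idp.example.org/realms/library"  # constructed issuer URL


@dataclass
class Patron:
    borrowernumber: int
    email: str
    identities: set = field(default_factory=set)  # linked (iss, sub) pairs


class PatronStore:
    def __init__(self):
        self.patrons = []

    def add(self, email, iss, sub):
        patron = Patron(len(self.patrons) + 1, email, {(iss, sub)})
        self.patrons.append(patron)
        return patron

    def match_by_email(self, claims):
        email = (claims.get("email") or "").strip().lower()
        if not email:
            return None
        return next((p for p in self.patrons if p.email.lower() == email), None)

    def match_by_subject(self, claims):
        # "sub" is only unique per issuer, so the key is the (iss, sub) pair.
        key = (claims.get("iss"), claims.get("sub"))
        if None in key:
            return None
        return next((p for p in self.patrons if key in p.identities), None)


store = PatronStore()
alice = store.add("alice@example.org", ISS, "6f1c2a9e-0000-4000-8000-000000000001")

# Same person after changing her address at the IdP: "sub" is unchanged.
renamed = {"iss": ISS, "sub": "6f1c2a9e-0000-4000-8000-000000000001",
           "email": "alice.smith@example.org"}
# A different person who was later given the old address: new "sub".
reassigned = {"iss": ISS, "sub": "6f1c2a9e-0000-4000-8000-000000000002",
              "email": "alice@example.org"}

for name, claims in (("renamed", renamed), ("reassigned", reassigned)):
    by_email, by_sub = store.match_by_email(claims), store.match_by_subject(claims)
    print(name, "email ->", by_email and by_email.borrowernumber,
          "| sub ->", by_sub and by_sub.borrowernumber)
```

Email matching loses the patron after an address change and attaches the reassigned address to the existing record; the (iss, sub) key does neither.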