clear out authn profile for oidc when scopes are missing

apereo · Jul 21, 2023 · cedfa00 · cedfa00
1 parent ce58855
commit cedfa00
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/...ore-api/src/main/java/org/apereo/cas/oidc/profile/OidcProfileScopeToAttributesFilter.java b/...ore-api/src/main/java/org/apereo/cas/oidc/profile/OidcProfileScopeToAttributesFilter.java
@@ -65,7 +65,7 @@ public Principal filter(final Service service,
                 LOGGER.warn("Request does not indicate a scope [{}] that can identify an OpenID Connect request. "
                             + "This is a REQUIRED scope that MUST be present in the request. Given its absence, "
                             + "CAS will not process any attribute claims and will return the authenticated principal as is.", scopes);
-                return principal;
+                return principalFactory.createPrincipal(profile.getId());
             }
 
             scopes.retainAll(casProperties.getAuthn().getOidc().getDiscovery().getScopes());
@@ -77,7 +77,7 @@ public Principal filter(final Service service,
 
             filterAttributesByAccessTokenRequestedClaims(oidcService, accessToken, principal, attributes);
             LOGGER.debug("Final collection of attributes are [{}]", attributes);
-            return this.principalFactory.createPrincipal(profile.getId(), attributes);
+            return principalFactory.createPrincipal(profile.getId(), attributes);
         }
         return principal;
     }