AD FS 2019 issues #106

christophvw · 2023-10-05T16:26:15Z

AD FS returns only the subject claim on /userinfo and userinfo works only when you pass "resource"=> "urn:microsoft:userinfo" on /authorize

So we have to extract the claims from the access_token and do not call the userInfo Url at all in this case.

christophvw · 2023-10-06T07:00:17Z

When I extract the email adress (email = username here) from the token and remove the call to the userinfo endpoint I can login successfully:

$acc_token = json_decode(base64_decode(explode('.', $result->access_token)[1]));
$providerUserId = $acc_token->email

christophvw · 2023-10-06T11:27:21Z

My config:

apache2:
RewriteEngine On
RewriteRule ^/oidc/callback /index.php?module=LoginOIDC&action=callback&provider=oidc [QSA,NE,R,L]

Maybe it would be useful to be able to leave userinfo url empty in this case - and when it is empty - try to extract the claim from the token.

christophvw · 2024-03-04T16:39:32Z

christophvw mentioned this issue Oct 11, 2023

email claim on userinfo endpoint #96

Open

christophvw mentioned this issue Nov 27, 2023

Sign in callback URL not redirecting to Dashboard. #107

Open

Provide feedback