      request #12832 Support Azure AD as an OpenID Connect provider
    Infos
    #12832
    Thomas Gerbet (tgerbet)
    2019-12-18 12:07
    2019-01-25 14:10
    13026
    Details
    Support Azure AD as an OpenID Connect provider
    The current implementation of the ID token validation [0] expects that the login/provider URL is the same as the issuer URL. It is not the case for some providers.

    The only example I am aware of is Azure Active Directory [1] where the login URL is something like https://login.microsoftonline.com/common/ or https://login.microsoftonline.com/{tenant_id} and the issuer URL is something like https://sts.windows.net/{tenant_id}/.



    [0] https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
    [1] https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
    enhancement
    Authentication & LDAP
    All
    Empty
    stefano.amadori@st.com
    Stage
    Lorentz Romain (lorentzr)
    Closed
    2019-12-10
    Attachments
    Empty
    References

    Follow-ups
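
The issuer check this request describes, as an added example that is not part of the original request or the project's code: it compares `iss` with an issuer configured separately from the login URL. The `{tenantid}` placeholder, the `tid` claim, the tenant allow-list and every function name are assumptions made for this sketch; signature, `aud` and expiry checks are assumed to have passed already.

```python
import re

# Constructed sample values; the tenant id is a placeholder, not a real tenant.
TENANT = "00000000-0000-0000-0000-000000000001"
LOGIN_URL = "https://login.microsoftonline.com/common/"
# Assumption: the provider metadata publishes the issuer as a per-tenant template.
ISSUER_TEMPLATE = "https://sts.windows.net/{tenantid}/"

_GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def issuer_matches_login_url(claims, login_url):
    """The check the request describes: iss must equal the login URL."""
    return claims.get("iss") == login_url


def issuer_is_valid(claims, expected_issuer, allowed_tenants=frozenset()):
    """Compare iss with an issuer configured separately from the login URL.

    If expected_issuer contains the {tenantid} placeholder, the token's tid
    claim is substituted, but only when tid is a well-formed GUID that the
    administrator explicitly allowed.
    """
    iss = claims.get("iss")
    if not isinstance(iss, str):
        return False
    if "{tenantid}" not in expected_issuer:
        return iss == expected_issuer  # exact string match, no normalisation
    tid = claims.get("tid")
    if not isinstance(tid, str) or not _GUID.fullmatch(tid):
        return False
    if tid not in allowed_tenants:
        return False  # a multi-tenant login URL must not mean "any tenant"
    return iss == expected_issuer.replace("{tenantid}", tid)


# Claims of an already signature-verified ID token (constructed sample).
CLAIMS = {"iss": f"https://sts.windows.net/{TENANT}/", "tid": TENANT}

if __name__ == "__main__":
    print("login URL check:", issuer_matches_login_url(CLAIMS, LOGIN_URL))
    print("issuer check:", issuer_is_valid(CLAIMS, ISSUER_TEMPLATE, {TENANT}))
```

With the `common` login URL, the allow-list is what keeps the relying party from accepting tokens issued for arbitrary tenants.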