Project

General

Profile

Actions

Bug #17335

closed

OpenID Connect 'prompt' parameter should be configurable

Added by Peter Amstutz almost 4 years ago. Updated almost 4 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Login
Target version:
Story points:
-
Release relationship:
Auto

Description

When controller redirects the user to the OpenID Connect endpoint, it sets "prompt=select_account". This is supported by Google but with PingFederate it results in a "not supported" error, so the user cannot log in. "prompt" seems to be an optional field in OIDC, so presumably you get default behavior if it isn't explicitly included. The "prompt" value should be configurable, or not added at all when the configuration value is blank.

Suggested behavior:

  • Google login continues to use prompt=select_account
  • OIDC configuration gets an "ExtraParameters" section that allows providing arbitrary parameters that will be set with AuthURLParam().

Files

arvados-controller-f949cc3.gz (16.5 MB) arvados-controller-f949cc3.gz Tom Clegg, 02/05/2021 02:40 PM

Subtasks 1 (0 open1 closed)

Task #17336: Review 17335-oidc-auth-paramsResolvedPeter Amstutz02/04/2021Actions
Actions

Also available in: Atom PDF