Bug #17335
Updated by Peter Amstutz about 3 years ago
When controller redirects the user to the OpenID Connect endpoint, it sets "prompt=select_account". This is supported by Google but with PingFederate it results in a "not supported" error, so the user cannot log in. "prompt" seems to be an optional field in OIDC, so presumably you get default behavior if it isn't explicitly included. The "prompt" value should be configurable, or not added at all when the configuration value is blank. Suggested behavior: * Google login continues to use prompt=select_account * OIDC configuration gets an "ExtraParameters" section a "LoginPrompt" item that allows providing arbitrary parameters that will be set with AuthURLParam(). is empty by default. When empty, it is not added to login redirect.