Merge branch 'master' of github.com:Evolveum/midpoint

Evolveum · Apr 27, 2023 · fba1e2c · fba1e2c
2 parents 329ff79 + acaf341
commit fba1e2c
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 4 deletions.
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
@@ -1135,7 +1135,7 @@
             <xsd:element name="nameOfUsernameClaim" type="xsd:string" minOccurs="0" maxOccurs="1">
                 <xsd:annotation>
                     <xsd:documentation>
-                        Name of claim in jwt, which value define name of user in Midpoint. Default value is 'sub'.
+                        Name of claim in jwt, which value define name of user in Midpoint.
                         <p>
                             Deprecated use attribute in token definition instead
                         </p>
@@ -1233,7 +1233,7 @@
             <xsd:element name="nameOfUsernameClaim" type="xsd:string" minOccurs="0" maxOccurs="1" default="sub">
                 <xsd:annotation>
                     <xsd:documentation>
-                        Name of claim in jwt, which value define name of user in Midpoint. Default value is 'sub'.
+                        Name of claim which value define name of user in Midpoint.
                     </xsd:documentation>
                 </xsd:annotation>
             </xsd:element>
@@ -1312,7 +1312,7 @@
                     <xsd:element name="userInfoUri" type="xsd:string" minOccurs="0" maxOccurs="1">
                         <xsd:annotation>
                             <xsd:documentation>
-                                Uri for user info endpoint.
+                                URI for user info endpoint.
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>

diff --git a/.../authentication/impl/module/configuration/OpaqueTokenOidcResourceServerConfiguration.java b/.../authentication/impl/module/configuration/OpaqueTokenOidcResourceServerConfiguration.java
@@ -28,6 +28,7 @@
 import org.apache.cxf.common.util.Base64Utility;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrations;
+import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
@@ -90,7 +91,8 @@ private static OpaqueTokenOidcResourceServerConfiguration buildInternal(OidcAuth
             builder.registrationId("unknownRegistrationId");
         }
 
-        builder.clientId("unknownClientId");
+        //hack, we need ClientRegistration, but it can be empty we use only user info uri
+        builder.authorizationGrantType(AuthorizationGrantType.JWT_BEARER);
 
         if (StringUtils.isNotEmpty(opaqueTokenConfig.getUserInfoUri())) {
             builder.userInfoUri(opaqueTokenConfig.getUserInfoUri());