OIDC RP may fail to login if clientSecret is not configured TS005720300 #17344
Labels
release bug
This bug is present in a released version of Open Liberty
release:21007
team:Security SSO
Projects
Describe the bug
In the OIDC RP, when no
clientSecret
is configured, validation of the signature of the JWT may fail with a message similar to:CWWKS1739E: A signing key required by signature algorithm [none] was not available. null
Steps to Reproduce
Configure the Liberty RP without a clientSecret:
Configure a Liberty OP without a clientSecret:
Expected behavior
A clear and concise description of what you expected to happen.
Diagnostic information:
The text was updated successfully, but these errors were encountered: