Testing SSO providers for Social Login: (1) from pre-integrated RH-SSO (2) from pre-registered RH-SSO and Open Liberty Operator #2

Closed
37 tasks done
meiaus opened this issue Feb 26, 2020 · 17 comments

meiaus commented Feb 26, 2020

Background dev work:

Delivery:

  1. Pre-integrated RH-SSO Test work items:
  • set up sso providers:

    • facebookLogin
    • linkedinLogin
    • githubLogin (github.com)
    • githubLogin (github.ibm.com)
    • googleLogin
    • twitterLogin
    • oauth2Login (using github.com)
    • oidcLogin (using google.com)
    • oidcLogin (using rh-sso)
  • each sso provider configured in Liberty server variables <variable name= value= /> in a server xml file at image build time

  • each sso provider passed in as environment variables at build time (Dockerfile)

  • each sso provider passed in as environment variables at start time (docker container)

  • validate parameters from tracing
    server_trace.log

  • investigated routes with TLS Termination: Edge and Re-encrypt (both not working at this time)

  • Test with TLS Termination Passthrough

  • Test with getcert.sh and server.env to handle trust certificate between open liberty and social media as well as between open liberty and RH-SSO (within Open Shift cluster)

  • validate RedirectToRPHostAndPort

  • pod event output

  • pod log (open liberty messages.log)
    messages.log

  • For testing purposes, "getcerts.sh" was used to handle trust certificate between open liberty and social media, as well as between open liberty and RH-SSO (within open shift cluster)
    See item 2 on Pre-registered below
    - [ ] each sso provider passed in through an include file by the Liberty operator at start time.
      - [ ] When operator becomes available from Leo in an early build, try that out. Make sure ssl can be configured.
      - [ ] See if operator's ability to set redirectToRPHostAndPort is working.
      - [ ] Do full config from operator and make sure trace of config params matches what we got without operator.
    - [ ] final test with the merged code

  • Document the test details in box note (https://ibm.ent.box.com/notes/623216495506)

  2. Pre-registered RH-SSO and Open Liberty Operator work items:
  • Install Open Liberty Operator

  • Create secret (to contain client ID, secret for social media and RH-SSO)

  • Create OLA (OpenLibertyApplication) deployment yaml (with sso spec and other env variables)

  • Docker build time with ENV variables (SEC_TLS_TRUSTDEFAULTCERTS=true, SEC_IMPORT_K8S_CERTS=true)

  • Deploy OLA, also containing the ENV below when the Dockerfile does not contain them:

    • ENV SEC_TLS_TRUSTDEFAULTCERTS=true to handle trust certificates for social media
    • ENV SEC_IMPORT_K8S_CERTS=true to handle trust certificates for RH-SSO (within Open Shift Cluster)
    • Validate cert_defaultKeyStore=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt in server.env to handle the trust certificate for RH-SSO
  • Secured Route with Passthrough TLS Termination

  • (Updated 4/14/2020) TLS Termination with Reencrypt using Open Shift Cert-manager worked, git issue closed: Pre-registered RH-SSO scenario: Investigate Route's TLS Termination with Reencrypt using Open Shift Cert-manager #3

  • Passthrough scenario: messages.log

  • Passthrough scenario: server_trace.log.zip

  • Document the test details in box note (https://ibm.ent.box.com/notes/648295410899)

meiaus commented Feb 26, 2020

  • Received build_sso.zip from Bruce
  • Attempted 1st path using variables in server.xml with facebook, linkedin, github.com, github.ibm.com, twitter (new dev app created), google (new dev app created), oauth2
  • The above attempts mostly worked, except twitter. (Haven't tried 'oidc' and will do shortly)
  • Ran into twitter redirect failure
[ERROR   ] CWWKS5424E: Cannot process the response from the [/1.1/account/verify_credentials.json] Twitter endpoint. CWWKS5411E: The response from the [/1.1/account/verify_credentials.json] Twitter endpoint did not contain one or more required parameters. The required parameters that are missing from the response are [[email]].
  • Also ran into Warnings from 2 providers:
twitter:
[WARNING ] Invalid cookie header: "set-cookie: personalization_id="v1_jBspEXHSzT4vyCNCOCjWKg=="; Max-Age=63072000; Expires=Fri, 25 Feb 2022 03:38:14 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None". Invalid 'expires' attribute: Fri, 25 Feb 2022 03:38:14 GMT
[WARNING ] Invalid cookie header: "set-cookie: guest_id=v1%3A158268829477890052; Max-Age=63072000; Expires=Fri, 25 Feb 2022 03:38:14 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None". Invalid 'expires' attribute: Fri, 25 Feb 2022 03:38:14 GMT
[WARNING ] Invalid cookie header: "set-cookie: personalization_id="v1_HnC+PByA9pQXkbdpJZRabA=="; Max-Age=63072000; Expires=Fri, 25 Feb 2022 03:38:35 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None". Invalid 'expires' attribute: Fri, 25 Feb 2022 03:38:35 GMT
[WARNING ] Invalid cookie header: "set-cookie: guest_id=v1%3A158268831489789424; Max-Age=63072000; Expires=Fri, 25 Feb 2022 03:38:35 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None". Invalid 'expires' attribute: Fri, 25 Feb 2022 03:38:35 GMT
[WARNING ] Invalid cookie header: "set-cookie: personalization_id="v1_dS2ge8iJgoKEr90X3csw5Q=="; Max-Age=63072000; Expires=Fri, 25 Feb 2022 03:38:36 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None". Invalid 'expires' attribute: Fri, 25 Feb 2022 03:38:36 GMT
[WARNING ] Invalid cookie header: "set-cookie: guest_id=v1%3A158268831599353709; Max-Age=63072000; Expires=Fri, 25 Feb 2022 03:38:36 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None". Invalid 'expires' attribute: Fri, 25 Feb 2022 03:38:36 GMT


linkedin:
[WARNING ] Invalid cookie header: "Set-Cookie: lidc="b=TB57:g=2506:u=55:i=1582690581:t=1582776974:s=AQG_2ByqmUfF4AfEfMxNLbCs6Sv8tGxY"; Expires=Thu, 27 Feb 2020 04:16:14 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Thu, 27 Feb 2020 04:16:14 GMT

meiaus commented Feb 26, 2020

  • Consulted with Bruce for the above twitter failure and warnings.
  • Bruce's response via email indicated:
  1. need to quit warning about strange cookies sent from IBM ID OpenLiberty/open-liberty#10559 has resolved the warning, but in the nightly non-docker build. (I'll try it shortly)

  2. The Twitter failure was due to the twitter config snippet having the wrong variable names, which have been updated and can be verified in the latest zip (Bruce will send me shortly).

meiaus commented Feb 26, 2020

Next:

  1. will verify the problems uncovered from 1st path using variables in server.xml (twitter issue is resolved, which was due to the permission setting in twitter app; wait to get open liberty build for the warnings)
  2. will try ENV path from container startup (done)
  3. will try with 'oidcLogin' attributes (done)
  4. will try with 'rh-sso' provider

@meiaus meiaus self-assigned this Feb 26, 2020

meiaus commented Feb 28, 2020

Next:

  1. Try with 'rh-sso' provider
  2. review parameters in the trace
  3. Try with operators

meiaus commented Feb 28, 2020

'rh-sso' worked by referring to the following docs:

  1. add client
    https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.3/html/server_administration_guide/clients
  2. discovery endpoint
    https://access.redhat.com/documentation/en-us/red_hat_single_sign-on_continuous_delivery/4/html/authorization_services_guide/service_overview

Learned about access type when creating a client:

confidential
Confidential access type is for server-side clients that need to perform a browser login and require a client secret when they turn an access code into an access token, (see Access Token Request in the OAuth 2.0 spec for more details). This type should be used for server-side applications. 
public
Public access type is for client-side clients that need to perform a browser login. With a client-side application there is no way to keep a secret safe. Instead it is very important to restrict access by configuring correct redirect URIs for the client. 

example config for oidcLogin:

- name: sec_sso_oidc_displayName
  value: "oidc client using rh-sso"
- name: sec_sso_oidc_clientId
  value: "acmeapp"
- name: sec_sso_oidc_discoveryEndpoint
  value: "https://sso-acme-test.apps.offal.os.fyre.ibm.com/auth/realms/sso-realm/.well-known/uma2-configuration"

meiaus commented Feb 28, 2020

Collected test results with SSL Termination in Routes while running the Social Login test and provided them to Bruce for suggestions. From the results, when using the target ssl port, for security route termination only 'passthrough' worked; 'reencrypt' and 'edge' failed.

meiaus commented Mar 1, 2020

Investigated Edge and Reencrypt TLS terminations but found these 2 require customer certificates. See doc:
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.3/html/networking/configuring-routes
https://docs.openshift.com/container-platform/4.3/networking/routes/secured-routes.html

Need to explore how to gather the required certificate.

meiaus commented Mar 3, 2020

Went back to scenario 1 with <variable name= value= /> in server.xml. Initially the sso xml was placed in configDropins/overrides, which caused some of the user-defined values to be overridden (and a failure to display the social media login page).
After discussing with Bruce, the configure.sh was updated from
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/overrides
to
SNIPPETS_TARGET_DEFAULTS=/config/configDropins/defaults
which then resolved the problem.

meiaus commented Mar 3, 2020

Parameters from trace log:
google:

Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig, com.ibm.ws.security.jwt.config.JwtConsumerConfig}={
displayName=Google, 
authorizationEndpoint=https://accounts.google.com/o/oauth2/v2/auth, 
service.scope=bundle, 
signatureAlgorithm=RS256, 
mapToUserRegistry=false, 
scope=openid profile email,
component.name=com.ibm.ws.security.social.google,
clientId=765752377467-n8db8jrsm3t63ak861ubc7cu7r5dojnn.apps.googleusercontent.com,
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com,
jwksUri=https://www.googleapis.com/oauth2/v3/certs, 
config.source=file, 
useSystemPropertiesForHttpClientConnections=false, 
id=googleLogin, 
clientSecret=*****, 
nonceEnabled=true, 
service.pid=com.ibm.ws.security.social.google, 
website=https://accounts.google.com, 
service.id=448, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
responseType=code, 
issuer=https://accounts.google.com,
userNameAttribute=email, 
config.overrides=true, 
realmNameAttribute=iss, 
clockSkew=300000, 
component.id=337, 
tokenEndpoint=https://www.googleapis.com/oauth2/v4/token, includeCustomCacheKeyInSubject=true, 
service.vendor=IBM, 
tokenEndpointAuthMethod=client_secret_post, 
config.displayId=googleLogin, 
type=googleLogin}]
[3/3/20 23:47:26:138 GMT] 00000022 id=3ba0161a com.ibm.ws.security.social.internal.OidcLoginConfigImpl      > debug Entry
[3/3/20 23:47:26:138 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 com.ibm.ws.security.social.internal.GoogleLoginConfigImpl@3ba0161a
[3/3/20 23:47:26:138 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clientId = 765752377467-n8db8jrsm3t63ak861ubc7cu7r5dojnn.apps.googleusercontent.com
[3/3/20 23:47:26:138 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clientSecret is null = false
[3/3/20 23:47:26:138 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 authorizationEndpoint = https://accounts.google.com/o/oauth2/v2/auth
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 tokenEndpoint = https://www.googleapis.com/oauth2/v4/token
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userInfoEndpoint = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userInfoEndpointEnabled = false
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 jwksUri = https://www.googleapis.com/oauth2/v3/certs
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 scope = openid profile email
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userNameAttribute = email
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 mapToUserRegistry = false
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 sslRef = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 authFilterRef = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 trustAliasName = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 builder = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 claims = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 isClientSideRedirectSupported = true
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 displayName = Google
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 website = https://accounts.google.com
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 issuer = https://accounts.google.com
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 realmNameAttribute = iss
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 groupNameAttribute = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userUniqueIdAttribute = null
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clockSkew = 300000
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 signatureAlgorithm = RS256
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 tokenEndpointAuthMethod = client_secret_post
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 hostNameVerificationEnabled = true
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 nonce = true
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 responseType = code
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 responseMode = null
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 realmName = null
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 includeCustomCacheKeyInSubject = true
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 resource = null
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 forwardLoginParameter = []
[3/3/20 23:47:26:140 GMT] 00000022 id=3ba0161a com.ibm.ws.security.social.internal.OidcLoginConfigImpl      < debug Exit
[3/3/20 23:47:26:140 GMT] 00000022 id=3ba0161a com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < initProps Exit
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [googleLogin] was successfully processed.

meiaus commented Mar 3, 2020

twitter:

    Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig}={displayName=Twitter, 
service.scope=bundle, 
mapToUserRegistry=false, 
component.name=com.ibm.ws.security.social.twitter, 
consumerKey=zDAcwE8VBZi1Ki9zFEilbtWMt, 
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com,
userApi=https://api.twitter.com/1.1/account/verify_credentials.json,
accessTokenUrl=https://api.twitter.com/oauth/access_token, 
config.source=file, 
useSystemPropertiesForHttpClientConnections=false, 
id=twitterLogin, 
service.pid=com.ibm.ws.security.social.twitter, 
website=https://twitter.com, 
service.id=465, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
userNameAttribute=email, 
config.overrides=true, 
consumerSecret=*****, 
userAuthorizationUrl=https://api.twitter.com/oauth/authenticate, 
component.id=348, 
requestTokenUrl=https://api.twitter.com/oauth/request_token, 
service.vendor=IBM, 
config.displayId=twitterLogin, 
type=twitterLogin}]
[3/3/20 23:47:26:293 GMT] 00000022 id=430f364f com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   > debug Entry
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl@430f364f
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 consumerKey = zDAcwE8VBZi1Ki9zFEilbtWMt
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 consumerSecret is null = false
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 requestTokenUrl = https://api.twitter.com/oauth/request_token
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 userAuthorizationUrl = https://api.twitter.com/oauth/authenticate
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 accessTokenUrl = https://api.twitter.com/oauth/access_token
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 userApi = https://api.twitter.com/1.1/account/verify_credentials.json
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 userApiConfigs = 1
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 userNameAttribute = email
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 mapToUserRegistry = false
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 sslRef = null
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 authFilterRef = null
[3/3/20 23:47:26:293 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 builder = null
[3/3/20 23:47:26:294 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 claims = null
[3/3/20 23:47:26:294 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 isClientSideRedirectSupported = true
[3/3/20 23:47:26:294 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 displayName = Twitter
[3/3/20 23:47:26:294 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 website = https://twitter.com
[3/3/20 23:47:26:294 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:26:294 GMT] 00000022 id=430f364f com.ibm.ws.security.social.internal.TwitterLoginConfigImpl   < debug Exit
[3/3/20 23:47:26:294 GMT] 00000022 id=430f364f com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < initProps Exit
[3/3/20 23:47:26:294 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [twitterLogin] was successfully processed.

meiaus commented Mar 4, 2020

GHE:
website value is fixed.

                 Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig}=
{displayName=GitHub, 
authorizationEndpoint=https://github.ibm.com/login/oauth/authorize, 
service.scope=bundle, 
mapToUserRegistry=false, 
scope=user, 
component.name=com.ibm.ws.security.social.github, 
clientId=95feb79c6d4319420c60, 
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com, userApi=https://api.github.ibm.com/user/emails, 
config.source=file, 
useSystemPropertiesForHttpClientConnections=false, 
id=githubLogin, 
clientSecret=*****, 
service.pid=com.ibm.ws.security.social.github, 
website=https://github.ibm.com, 
service.id=447, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
responseType=code, 
userNameAttribute=email,
config.overrides=true, 
component.id=336, 
tokenEndpoint=https://github.ibm.com/login/oauth/access_token, 
service.vendor=IBM, 
tokenEndpointAuthMethod=client_secret_post, 
config.displayId=githubLogin, 
type=githubLogin}]
[3/4/20 17:40:19:068 GMT] 00000022 id=0015ed40 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    > debug Entry
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 com.ibm.ws.security.social.internal.GithubLoginConfigImpl@15ed40
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 clientId = 95feb79c6d4319420c60
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 clientSecret is null = false
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 authorizationEndpoint = https://github.ibm.com/login/oauth/authorize
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 tokenEndpoint = https://github.ibm.com/login/oauth/access_token
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 userApi = https://api.github.ibm.com/user/emails
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 userApiConfigs = 1
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 scope = user
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 userNameAttribute = email
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 mapToUserRegistry = false
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 sslRef = null
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 authFilterRef = null
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 builder = null
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 claims = null
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 isClientSideRedirectSupported = true
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 displayName = GitHub
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 website = https://github.ibm.com
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 tokenEndpointAuthMethod = client_secret_post
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/4/20 17:40:19:069 GMT] 00000022 id=0015ed40 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    < debug Exit
[3/4/20 17:40:19:069 GMT] 00000022 id=0015ed40 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < initProps Exit
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [githubLogin] was successfully processed.

Old:
(Did point out website=https://github.com, to Bruce.)

website=https://github.com, 
. . .
com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 website = https://github.com
[3/3/20 23:47:25:626 GMT] 00000022 id=00000000 

meiaus commented Mar 4, 2020

LinkedIn:

    Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig}=
{displayName=Linkedin, 
authorizationEndpoint=https://www.linkedin.com/oauth/v2/authorization, 
service.scope=bundle, 
mapToUserRegistry=false, 
scope=r_emailaddress r_liteprofile, 
component.name=com.ibm.ws.security.social.linkedin, 
clientId=78613t41t8sqw6, 
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com,
userApi=https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~)),
config.source=file, 
useSystemPropertiesForHttpClientConnections=false, 
id=linkedinLogin, 
clientSecret=*****, 
service.pid=com.ibm.ws.security.social.linkedin, 
website=https://www.linkednin.com, 
service.id=461, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
responseType=code, 
userNameAttribute=emailAddress, 
config.overrides=true, 
component.id=344, 
tokenEndpoint=https://www.linkedin.com/oauth/v2/accessToken, 
service.vendor=IBM, 
tokenEndpointAuthMethod=client_secret_post, 
userApiNeedsSpecialHeader=true, 
config.displayId=linkedinLogin, 
type=linkedinLogin}]

[3/3/20 23:47:26:174 GMT] 00000022 id=51f45eb7 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  > debug Entry
[3/3/20 23:47:26:174 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl@51f45eb7
[3/3/20 23:47:26:174 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 clientId = 78613t41t8sqw6
[3/3/20 23:47:26:174 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 clientSecret is null = false
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 authorizationEndpoint = https://www.linkedin.com/oauth/v2/authorization
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 tokenEndpoint = https://www.linkedin.com/oauth/v2/accessToken
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 userApi = https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 userApiConfigs = 1
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 scope = r_emailaddress r_liteprofile
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 userNameAttribute = emailAddress
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 mapToUserRegistry = false
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 sslRef = null
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 authFilterRef = null
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 builder = null
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 claims = null
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 isClientSideRedirectSupported = true
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 displayName = Linkedin
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 website = https://www.linkednin.com
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 tokenEndpointAuthMethod = client_secret_post
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 userApiNeedsSpecialHeader = true
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:26:175 GMT] 00000022 id=51f45eb7 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  < debug Exit
[3/3/20 23:47:26:175 GMT] 00000022 id=51f45eb7 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < initProps Exit
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [linkedinLogin] was successfully processed.
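
The "validate parameters from tracing" step, as an added example (not part of the original comments and not Open Liberty code): a parser for the social login config trace lines above that groups parameters by the config id in the CWWKS5400I message and applies four consistency checks. The function names, the choice of checks and the naive two-label host comparison are assumptions made for this illustration; the sample lines are abridged from the trace posted in this issue.

```python
import re
from urllib.parse import urlsplit

# Liberty trace line layout: [timestamp] thread id=xxxxxxxx class level message
LINE = re.compile(r"^\[[^\]]+\]\s+\S+\s+id=\S+\s+(?P<cls>\S+)\s+(?P<lvl>\S)\s+(?P<msg>.*)$")
PARAM = re.compile(r"^(?P<key>[^=]+?) = (?P<val>.*)$")
DONE = re.compile(r"CWWKS5400I: .*\[(?P<id>[^\]]+)\]")
# Each provider type names its browser-facing authorization URL differently.
AUTH_KEYS = ("authorizationEndpoint", "userAuthorizationUrl", "loginDialogEndpoint")
EXPECTED_RP = "https://acme-acme-test-env.apps.offal.os.fyre.ibm.com"

# Abridged from the server_trace.log lines posted in this issue.
SAMPLE_TRACE = """
[3/3/20 23:47:26:138 GMT] 00000022 id=3ba0161a com.ibm.ws.security.social.internal.OidcLoginConfigImpl      > debug Entry
[3/3/20 23:47:26:138 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clientSecret is null = false
[3/3/20 23:47:26:138 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 authorizationEndpoint = https://accounts.google.com/o/oauth2/v2/auth
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 website = https://accounts.google.com
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:26:139 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 hostNameVerificationEnabled = true
[3/3/20 23:47:26:140 GMT] 00000022 id=3ba0161a com.ibm.ws.security.social.internal.OidcLoginConfigImpl      < debug Exit
[3/3/20 23:47:26:140 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [googleLogin] was successfully processed.
[3/4/20 17:40:19:068 GMT] 00000022 id=0015ed40 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    > debug Entry
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 clientSecret is null = false
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 authorizationEndpoint = https://github.ibm.com/login/oauth/authorize
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 website = https://github.ibm.com
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.GithubLoginConfigImpl    3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/4/20 17:40:19:069 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [githubLogin] was successfully processed.
[3/3/20 23:47:26:174 GMT] 00000022 id=51f45eb7 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  > debug Entry
[3/3/20 23:47:26:174 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 clientSecret is null = false
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 authorizationEndpoint = https://www.linkedin.com/oauth/v2/authorization
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 website = https://www.linkednin.com
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.LinkedinLoginConfigImpl  3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:26:175 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [linkedinLogin] was successfully processed.
"""


def parse_trace(text):
    """Return {config id: {parameter: value}} from the 'debug' dumps in a trace."""
    configs, current = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank, wrapped or truncated line
        lvl, msg = m.group("lvl"), m.group("msg").strip()
        if lvl == ">" and msg == "debug Entry":
            current = {}  # a new config dump starts
            continue
        done = DONE.search(msg)
        if done:  # CWWKS5400I names the config the dump belonged to
            configs[done.group("id")] = current
            current = {}
            continue
        p = PARAM.match(msg)
        if lvl == "3" and p:
            current[p.group("key").strip()] = p.group("val").strip()
    return configs


def site(url):
    """Last two host labels; a naive stand-in for a public-suffix lookup."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def audit(configs, expected_rp):
    """Return (config id, parameter, observed value) for each failed check."""
    findings = []
    for cid, p in sorted(configs.items()):
        rp = p.get("redirectToRPHostAndPort")
        if rp != expected_rp:  # redirect must point at the route host
            findings.append((cid, "redirectToRPHostAndPort", rp))
        secret = p.get("clientSecret is null", p.get("consumerSecret is null"))
        if secret != "false":  # the trace only records whether a secret is set
            findings.append((cid, "secret", "not set"))
        if p.get("hostNameVerificationEnabled", "true") != "true":
            findings.append((cid, "hostNameVerificationEnabled",
                             p["hostNameVerificationEnabled"]))
        auth = next((p[k] for k in AUTH_KEYS if k in p), None)
        web = p.get("website")
        if auth and web and site(auth) != site(web):
            findings.append((cid, "website", web))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_trace(SAMPLE_TRACE), EXPECTED_RP):
        print(finding)
```

On the sample lines it reports one finding, the `website` value of `linkedinLogin`, whose host differs from the host of its `authorizationEndpoint`; the earlier `website=https://github.com` value for the GitHub Enterprise config would be reported the same way.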

meiaus commented Mar 4, 2020

facebook:

    Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig}=
{displayName=Facebook, 
service.scope=bundle, 
mapToUserRegistry=false, 
component.name=com.ibm.ws.security.social.facebook, 
clientId=482214885448760, 
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com,
userApi=https://graph.facebook.com/v2.8/me?fields=id,name,email, 
config.source=file, 
useSystemPropertiesForHttpClientConnections=false, 
id=facebookLogin, 
clientSecret=*****, 
service.pid=com.ibm.ws.security.social.facebook, 
website=https://www.facebook.com, 
service.id=458, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
responseType=code, 
permissions=public_profile email, 
userNameAttribute=email, 
config.overrides=true, 
loginDialogEndpoint=https://www.facebook.com/v2.8/dialog/oauth, 
component.id=341, 
tokenEndpoint=https://graph.facebook.com/v2.8/oauth/access_token, 
service.vendor=IBM, 
tokenEndpointAuthMethod=client_secret_post, 
config.displayId=facebookLogin, 
type=facebookLogin}]
[3/3/20 23:47:25:506 GMT] 00000022 id=b47b3ed8 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  > debug Entry
[3/3/20 23:47:25:506 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl@b47b3ed8
[3/3/20 23:47:25:506 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 clientId = 482214885448760
[3/3/20 23:47:25:506 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 clientSecret is null = false
[3/3/20 23:47:25:506 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 loginDialogEndpoint = https://www.facebook.com/v2.8/dialog/oauth
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 tokenEndpoint = https://graph.facebook.com/v2.8/oauth/access_token
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 userApi = https://graph.facebook.com/v2.8/me?fields=id,name,email
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 userApiConfigs = 1
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 permissions = public_profile email
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 userNameAttribute = email
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 mapToUserRegistry = false
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 sslRef = null
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 authFilterRef = null
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 builder = null
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 claims = null
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 isClientSideRedirectSupported = true
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 displayName = Facebook
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 website = https://www.facebook.com
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 tokenEndpointAuthMethod = client_secret_post
[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:25:507 GMT] 00000022 id=b47b3ed8 com.ibm.ws.security.social.internal.FacebookLoginConfigImpl  < debug Exit

[3/3/20 23:47:25:507 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [facebookLogin] was successfully processed.

meiaus commented Mar 4, 2020

oauth2Login (github.com):

   Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig}=
{displayName=oauth client using github.com, 
authorizationEndpoint=https://github.com/login/oauth/authorize, 
accessTokenSupported=false, 
service.scope=bundle, 
mapToUserRegistry=false, 
scope=user, 
component.name=com.ibm.ws.security.social.oauth2login, 
clientId=d599dfd433a29a72aa1a, 
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com,
userApi=https://api.github.com/user, 
config.source=file, 
userApiToken=*****, 
useSystemPropertiesForHttpClientConnections=false, 
id=oauth2Login, 
userApiType=basic, 
clientSecret=*****, 
groupNameAttribute=, 
service.pid=com.ibm.ws.security.social.oauth2login_38, 
service.id=462, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
responseType=code, 
userNameAttribute=login, 
accessTokenRequired=false, 
config.overrides=true, 
realmNameAttribute=, 
realmName=, 
component.id=345, 
tokenEndpoint=https://github.com/login/oauth/access_token,
config.id=com.ibm.ws.security.social.oauth2login[oauth2Login],
service.factoryPid=com.ibm.ws.security.social.oauth2login, 
nonce=false, 
accessTokenHeaderName=, 
service.vendor=IBM, 
tokenEndpointAuthMethod=client_secret_post, 
userApiNeedsSpecialHeader=false, 
config.displayId=oauth2Login[oauth2Login], 
type=oauth2Login}]

[3/3/20 23:47:26:192 GMT] 00000022 id=e34ab87a com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    > debug Entry
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl@e34ab87a
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 clientId = d599dfd433a29a72aa1a
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 clientSecret is null = false
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 displayName = oauth client using github.com
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 website = null
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 authorizationEndpoint = https://github.com/login/oauth/authorize
[3/3/20 23:47:26:192 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 tokenEndpoint = https://github.com/login/oauth/access_token
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 jwksUri = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 responseType = code
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 tokenEndpointAuthMethod = client_secret_post
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 sslRef = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 scope = user
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 authFilterRef = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 userNameAttribute = login
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 userApi = https://api.github.com/user
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 userApiConfigs = 1
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 realmName = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 realmNameAttribute = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 groupNameAttribute = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 userUniqueIdAttribute = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 mapToUserRegistry = false
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 builder = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 claims = null
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 isClientSideRedirectSupported = true
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 nonce = false
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    3 userApiNeedsSpecialHeader = false
[3/3/20 23:47:26:193 GMT] 00000022 id=e34ab87a com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < debug Exit
[3/3/20 23:47:26:193 GMT] 00000022 id=e34ab87a com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < initProps Exit
[3/3/20 23:47:26:193 GMT] 00000022 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [oauth2Login] was successfully processed.

meiaus commented Mar 4, 2020

oidcLogin (RH-SSO):

    Event:org.osgi.framework.ServiceEvent[source={com.ibm.ws.security.social.SocialLoginConfig, com.ibm.ws.security.jwt.config.JwtConsumerConfig}=
{displayName=oidc client using RH-SSO, 
service.scope=bundle, 
signatureAlgorithm=RS256, 
mapToUserRegistry=false, 
scope=openid profile email, 
component.name=com.ibm.ws.security.social.oidclogin, 
clientId=acmeapp, 
redirectToRPHostAndPort=https://acme-acme-test-env.apps.offal.os.fyre.ibm.com,
discoveryPollingRate=300000, 
hostNameVerificationEnabled=true, 
config.source=file, 
useSystemPropertiesForHttpClientConnections=false, 
id=oidcLogin, 
clientSecret=*****, 
groupNameAttribute=, 
nonceEnabled=true, 
service.pid=com.ibm.ws.security.social.oidclogin_34, 
service.id=463, 
isClientSideRedirectSupported=true, 
service.bundleid=129, 
responseType=code, 
userInfoEndpointEnabled=false, 
userNameAttribute=sub, 
config.overrides=true, 
realmNameAttribute=iss, 
clockSkew=300000, 
component.id=346, 
discoveryEndpoint=https://sso-acme-test.apps.offal.os.fyre.ibm.com/auth/realms/sso-realm/.well-known/uma2-configuration, 
config.id=com.ibm.ws.security.social.oidclogin[oidcLogin], 
includeCustomCacheKeyInSubject=true, 
service.factoryPid=com.ibm.ws.security.social.oidclogin, 
service.vendor=IBM, 
tokenEndpointAuthMethod=client_secret_post, 
config.displayId=oidcLogin[oidcLogin], 
type=oidcLogin}]

[3/3/20 23:49:37:228 GMT] 00000042 id=fc9cf571 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      > debug Entry
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 com.ibm.ws.security.social.internal.OidcLoginConfigImpl@fc9cf571
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clientId = acmeapp
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clientSecret is null = false
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 authorizationEndpoint = https://sso-acme-test.apps.offal.os.fyre.ibm.com/auth/realms/sso-realm/protocol/openid-connect/auth
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 tokenEndpoint = https://sso-acme-test.apps.offal.os.fyre.ibm.com/auth/realms/sso-realm/protocol/openid-connect/token
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userInfoEndpoint = null
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userInfoEndpointEnabled = false
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 jwksUri = https://sso-acme-test.apps.offal.os.fyre.ibm.com/auth/realms/sso-realm/protocol/openid-connect/certs
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 scope = openid profile email
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userNameAttribute = sub
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 mapToUserRegistry = false
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 sslRef = null
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 authFilterRef = null
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 trustAliasName = null
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 builder = null
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 claims = null
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 isClientSideRedirectSupported = true
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 displayName = oidc client using RH-SSO
[3/3/20 23:49:37:228 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 website = null
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 issuer = https://sso-acme-test.apps.offal.os.fyre.ibm.com/auth/realms/sso-realm
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 realmNameAttribute = iss
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 groupNameAttribute = null
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 userUniqueIdAttribute = null
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 clockSkew = 300000
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 signatureAlgorithm = RS256
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 tokenEndpointAuthMethod = client_secret_post
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 redirectToRPHostAndPort = https://acme-acme-test-env.apps.offal.os.fyre.ibm.com
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 hostNameVerificationEnabled = true
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 nonce = true
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 responseType = code
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 responseMode = null
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 realmName = null
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 includeCustomCacheKeyInSubject = true
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 resource = null
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      3 forwardLoginParameter = []
[3/3/20 23:49:37:229 GMT] 00000042 id=fc9cf571 com.ibm.ws.security.social.internal.OidcLoginConfigImpl      < debug Exit
[3/3/20 23:49:37:229 GMT] 00000042 id=fc9cf571 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    < initProps Exit
[3/3/20 23:49:37:229 GMT] 00000042 id=00000000 com.ibm.ws.security.social.internal.Oauth2LoginConfigImpl    I CWWKS5400I: The social login configuration [oidcLogin] was successfully processed.

meiaus commented Mar 6, 2020

Addressed a minor issue: OpenLiberty/open-liberty#11180.

meiaus changed the title from "Testing SSO providers for Social Login from the integrated Open Liberty docker image" to "Testing SSO providers for Social Login: (1) from pre-integrated RH-SSO (2) from pre-registered RH-SSO and Open Liberty Operator" on Apr 6, 2020

meiaus commented Apr 6, 2020

Completed Pre-registered RH-SSO scenario with Open Liberty Operator.
Closing the issue ...
