mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add the IDP display name to the downstream ID token's sub claim

Browse Source 
To make the subject of the downstream ID token more unique when
there are multiple IDPs. It is possible to define two IDPs in a
FederationDomain using the same identity provider CR, in which
case the only thing that would make the subject claim different
is adding the IDP display name into the values of the subject claim.
This commit is contained in:
Ryan Richard
2023-08-30 15:13:42 -07:00
parent 28210ab14d
commit e2bdab9e2d
15 changed files with 372 additions and 294 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/federationdomain/endpoints/token/token_handler.go
View File

@@ -394,7 +394,7 @@ func upstreamLDAPRefresh(
Groups: oldUntransformedGroups,
AdditionalAttributes: additionalAttributes,
GrantedScopes: grantedScopes,
})
}, p.DisplayName)
if err != nil {
return errUpstreamRefreshError().WithHint(
"Upstream refresh failed.").WithTrace(err).