
Issuer URL is not same as Issuer URL in metadata

Open · dixitmehuls opened this issue 2 years ago · 1 comment

At our company the OIDC is set up with the metadata URL https://<<OIDC_SERVER_URL>>/mga/sps/oauth/oauth20/metadata/MYOIDC, and the issuer that I get in the metadata is "issuer":"https://<<OIDC_SERVER_URL>>", so they don't match.

Nimbus Code in OIDCProviderMetadata fails at the following line...

```java
if (! issuer.equals(op.getIssuer())) {
    throw new GeneralException("The returned issuer doesn't match the expected: " + op.getIssuer());
}
```

Any idea how we handle this?

dixitmehuls avatar Aug 24 '22 19:08 dixitmehuls

Nimbus SDK is checking for OIDC spec compliance as explained here. So you have to check with your IdP vendor to fix this issue.

Just curious: Which IdP are you using?

tjuerge avatar Aug 24 '22 22:08 tjuerge

For information, I've got the same issue with my IdP being ISAM. Also, I found that the metadata JSON from ISAM does not contain the key subject_types_supported. This causes an error within nimbusds, being the following: `Caused by: com.nimbusds.oauth2.sdk.ParseException: Missing JSON object member with key subject_types_supported`. So sonar-auth-oidc is not compatible with ISAM IdP...

Mohsen51 avatar Jun 06 '23 13:06 Mohsen51

> So sonar-auth-oidc is not compatible with ISAM IdP...

Regarding the OpenID Connect Discovery 1.0 spec, the provider metadata key subject_types_supported is required. Without this key your identity provider is not compliant with this spec...

tjuerge avatar Sep 05 '23 21:09 tjuerge
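The two failures discussed in this thread (issuer mismatch and a missing required discovery key) can be checked up front, before wiring an IdP into the plugin. The following is an added example written for this page, not code from sonar-auth-oidc or the Nimbus SDK; the host idp.example.test and the sample metadata are constructed to mirror the ISAM-style layout described above.

```python
import json
from urllib.parse import urlparse

# Metadata members that OpenID Connect Discovery 1.0 (section 3) marks REQUIRED.
REQUIRED_KEYS = (
    "issuer", "authorization_endpoint", "jwks_uri",
    "response_types_supported", "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

def check_provider_metadata(expected_issuer, metadata_json):
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    try:
        meta = json.loads(metadata_json)
    except json.JSONDecodeError as exc:
        return [f"metadata is not valid JSON: {exc}"]
    for key in REQUIRED_KEYS:
        if key not in meta:
            problems.append(f"missing required key: {key}")
    issuer = meta.get("issuer")
    if issuer is not None:
        # Exact string comparison, which is what the Nimbus check quoted above does.
        if issuer != expected_issuer:
            problems.append(f"issuer mismatch: expected {expected_issuer!r}, got {issuer!r}")
        parts = urlparse(issuer)
        if parts.scheme != "https" or parts.query or parts.fragment:
            problems.append("issuer must be an https URL without query or fragment")
    return problems

def expected_issuer_from_discovery_url(url):
    """Issuer implied by a spec-shaped discovery URL, or None for a vendor-specific path."""
    suffix = "/.well-known/openid-configuration"
    return url[:-len(suffix)] if url.endswith(suffix) else None

# Constructed sample: metadata served from a vendor path, issuer is only the origin,
# and subject_types_supported is absent (the ISAM case reported in this thread).
SAMPLE_METADATA = json.dumps({
    "issuer": "https://idp.example.test",
    "authorization_endpoint": "https://idp.example.test/mga/sps/oauth/oauth20/authorize",
    "token_endpoint": "https://idp.example.test/mga/sps/oauth/oauth20/token",
    "jwks_uri": "https://idp.example.test/mga/sps/oauth/oauth20/jwks",
    "response_types_supported": ["code"],
    "id_token_signing_alg_values_supported": ["RS256"],
})
# Same document with the missing key added, as a compliant counterpart.
COMPLIANT_METADATA = json.dumps({**json.loads(SAMPLE_METADATA), "subject_types_supported": ["public"]})
```

Run `check_provider_metadata(<configured issuer>, <fetched metadata>)` against the IdP before enabling the plugin; every reported problem is one the Nimbus parser would also reject.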