SID claim is getting changed when authenticated with SSO

Open isuruhettiarachchi opened this issue 6 months ago • 0 comments

Describe the issue: The sid claim in the ID token is always returned with a new value when the user is authenticated with SSO using the same session. This happens after the introduction of the JARM feature [1].

How to reproduce:

  1. Create two service providers (application A and application B) with authorization code grant
  2. Log in to application A using authorization code
  3. Get the ID token
  4. Log in to application B with SSO
  5. Get the ID token
  6. The two ID tokens will contain two different sid claims
  7. If a new authorize request is sent to the service provider of application A and a new ID token is obtained with the same session, it will also contain a new sid claim value

Expected behavior: The ID token should contain the same sid value since the user is authenticated with the same session.

Environment information:

  • Product Version: IS 6.1.0

[1] - https://github.com/wso2/product-is/issues/15527

isuruhettiarachchi, Aug 22 '24 11:08
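One way to check the outcome of the reproduction steps, as an added example that is not part of the original issue or of WSO2's code: it decodes the ID tokens obtained in steps 3 and 5 and compares their sid claims. The helper names are hypothetical, the sample tokens are constructed and unsigned, and signatures are deliberately not verified.

```python
import base64
import json


def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token):
    """Return the payload of a compact-serialized ID token (no signature check)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_sso_sid(id_tokens):
    """Compare sid across ID tokens issued to different apps in one SSO session."""
    claims = [id_token_claims(t) for t in id_tokens]
    missing = [c.get("aud") for c in claims if "sid" not in c]
    sids = sorted({c["sid"] for c in claims if "sid" in c})
    same_subject = len({c.get("sub") for c in claims}) == 1
    return {
        "same_subject": same_subject,
        "missing_sid_for": missing,
        "distinct_sids": sids,
        "consistent": same_subject and not missing and len(sids) == 1,
    }


def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (test data only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."


# Constructed samples mirroring the report: same user, two apps, differing sid.
TOKEN_A = make_sample_token({"sub": "alice", "aud": "app_a", "sid": "sid-1111"})
TOKEN_B = make_sample_token({"sub": "alice", "aud": "app_b", "sid": "sid-2222"})

if __name__ == "__main__":
    print(check_sso_sid([TOKEN_A, TOKEN_B]))
```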