Hi Kevin,
This is a bit of an "out-there" idea, but I'm trying to creatively think about how you could get past your current blocking problem. Consider an HTTP transformation rule on the /authorize endpoint that modified the URI, renaming "prompt=xxx" to "myprompt=xxx", when "xxx" is any value that you want to support but that ISVA doesn't currently support. This would avoid the current error validation that is taking place, and allow you to implement an access policy that then looks for "myprompt" and processes it in the manner you wish.
------------------------------
Shane Weeden
IBM
------------------------------
Original Message:
Sent: Thu November 25, 2021 09:46 AM
From: Kevin De Win
Subject: OIDC - Authentication Request - support of prompt=select_account
Hi,
We would like to know if the following request parameter (prompt=select_account) is supported within the Authorization Code Flow in ISVA 10.0.3?
https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
We want to use this in ISVA 10.0.1 and are getting the following error:
OAuth20InvalidRequestException: FBTOAU244E An invalid prompt value was provided.
-> Ensure that the request prompt parameter value is either none, login or consent.
Kind regards,
Kevin De Win
IS4U
------------------------------
Kevin De Win
Security Consultant
IS4U
------------------------------
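
The renaming step suggested in the reply at the top of this thread, sketched in Python as an added example; it is not code from the thread and it is not an ISVA HTTP transformation rule, only the logic such a rule would need. The function name, the sample `/authorize` URIs, the handling of space-delimited prompt lists, and the choice to drop a client-supplied `myprompt` are assumptions of this sketch.

```python
from urllib.parse import unquote_plus

# Values the FBTOAU244E message quoted in the thread says are accepted.
SUPPORTED_PROMPTS = {"none", "login", "consent"}
RENAMED_PARAM = "myprompt"  # parameter name proposed in the reply


def rewrite_authorize_uri(uri: str) -> str:
    """Rename prompt=<unsupported> to myprompt=<unsupported> in a request URI.

    Everything else in the query string is passed through byte-for-byte,
    so existing encoding and parameter order are preserved.
    """
    path, sep, query = uri.partition("?")
    if not sep:
        return uri  # no query string, nothing to rewrite

    kept = []
    for pair in query.split("&"):
        name, eq, value = pair.partition("=")
        decoded_name = unquote_plus(name)  # catches %70rompt as well

        if decoded_name == RENAMED_PARAM:
            # Assumption of this sketch: only the rewrite may produce
            # "myprompt", so a copy sent directly by the client is dropped
            # and the access policy sees one unambiguous value.
            continue

        if decoded_name == "prompt":
            # OIDC defines prompt as a space-delimited list; rename when
            # any member is outside the supported set.
            tokens = unquote_plus(value).split()
            if any(t not in SUPPORTED_PROMPTS for t in tokens):
                pair = RENAMED_PARAM + eq + value

        kept.append(pair)

    return path + "?" + "&".join(kept) if kept else path


if __name__ == "__main__":
    # Constructed sample request URIs.
    for sample in ("/authorize?client_id=abc&prompt=select_account",
                   "/authorize?client_id=abc&prompt=login"):
        print(sample, "->", rewrite_authorize_uri(sample))
```

The exact name match matters: a plain substring replace of `prompt=` would also alter parameters whose names merely end in `prompt`.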