WebSphere Application Server & Liberty


Authenticate using OIDC TAI programmatically - No redirection

  • 1.  Authenticate using OIDC TAI programmatically - No redirection

    Posted Thu July 25, 2024 06:46 AM

    Dear community members,

    I have successfully configured the com.ibm.ws.security.oidc.client.RelyingParty interceptor for my Spring Boot web application, and the authentication works seamlessly.

    When I try to access a protected resource that is not included in the excludedPath filter, I am redirected to the Microsoft login page. After entering the credentials and upon successful authentication, I am redirected back to the requested resource as an authenticated user.

    Now, I want to configure almost the same with another Spring Boot application, but it does not have a frontend part; it is just a REST API with no user interaction, meaning that redirection to the Microsoft login page is not an acceptable option. It should be done programmatically and I imagine the following steps:

    1. User calls the unprotected https://hostname/v1/api/token, providing username and password (the Azure app registration is created with ROPC), and WebSphere returns the LtpaToken2 cookie
    2. User calls a protected URL https://hostname/v1/api/getCaseList, providing the LtpaToken2 cookie obtained from the previous call

    How should the OIDC be configured to handle the above requests? I would like to avoid user interaction of passing usr/pass in a web form. The credentials will be provided in the body, and authentication against Azure will be done with the username and password provided by the user and the clientId and secret configured in the TAI.

    Currently I have the following configuration in my interceptor:

    Thank you very much for your support!

     



    ------------------------------
    Petre Petreski
    ------------------------------


  • 2.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Fri July 26, 2024 09:05 AM

    Hi Petre, If you have the username and password of the user, you can obtain a password grant access token using the OauthClientHelper API.  Then you make a call to your protected endpoint with the access token in the Authorization header of the HTTP request.  This will make the OIDC TAI perform introspection instead of going down the path that requires interactive login.



    ------------------------------
    Barbara Jensen
    ------------------------------



  • 3.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed July 31, 2024 08:02 AM

    Hello Barbara,

    I made a decision to use authentication by client_id and secret (grant_type = client_credentials) and used the OauthClientHelper.getClientCredentialsGrantAccessToken() method from the OauthClientHelper API. I have successfully obtained an access token.

    My question now is, why does it not generate the LtpaToken2 cookie? I need this cookie since I want to access another resource from an application deployed to the same WebSphere cell. It is a web application; I want to consume some of the exposed endpoints there (purpose: reusing the logic), and it expects the LtpaToken2 cookie, which is actually not generated along with the token.

    Thank you!



    ------------------------------
    Petre Petreski
    ------------------------------



  • 4.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed July 31, 2024 08:28 AM

    Hi Petre,

    Just obtaining the OAuth token does not create the LTPA cookie.  You'll need to add the OAuth token that you receive from the API to the Authorization header of the HTTP request that you send to getCaseList.

    You say that your main Spring Boot web application is protected by the TAI.  I didn't notice that because it didn't show up in your filter property.  If it is, try adding provider_(id).setLtpaCookie=true to the TAI config entry for your Spring Boot app, then don't have an entry for getCaseList.



    ------------------------------
    Barbara Jensen
    ------------------------------



  • 5.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed July 31, 2024 09:42 AM
    Edited by Petre Petreski Wed July 31, 2024 09:46 AM

    Hello Barbara,

    I added the provider_(id).setLtpaCookie=true (as per the official documentation it is set by default to true) property and restarted the server.

    Again the LTPA cookie has not been created:

    Here is the configuration of the TAI:

    Let me explain again the situation:

    I have deployed a Spring Boot app to Cluster1 of the WebSphere cell. I have configured the TAI for that application using a callback URL because it is a web app and users enter their credentials on the Microsoft login page. It works perfectly.

    Now, I have another Spring Boot app deployed to Cluster2 on the same WebSphere cell, which is a REST API, and again I have configured the TAI (above image for provider_7), and authentication is being done by client_id and secret_id without redirection to the Microsoft login page. My goal is to be able to consume endpoints exposed in the app at Cluster1 from the REST API at Cluster2, authenticating by the ltpa2 cookie because the app at Cluster1 expects it.



    ------------------------------
    Petre Petreski
    ------------------------------



  • 6.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed July 31, 2024 10:14 AM

    Hi Petre,

    This is the TAI config for your Spring Boot cluster, the Spring Boot app is in the filter, it is intercepted, you login and you do not get the LTPA?  If so, I suggest that you do the following:

    1. Make sure that you are running 8.5.5.26, 9.0.5.20, or have OIDC 1.5.3 installed so that you are running the latest OIDC TAI.
    2. Gather an OIDC trace of your Spring Boot login.  You can follow the instructions in the SSO Mustgather
    3. When your login is complete, search for the 2nd entry for PROCESS COMPLETE
      • Either shortly before or after that entry, you should see the list of properties that we send to core security to construct the Subject.  One of the properties is setLtpaCookie.  To get the LTPA cookie, the property should be set to true.   Is that what you see?


    ------------------------------
    Barbara Jensen
    ------------------------------



  • 7.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed July 31, 2024 11:16 AM

    Hi Barbara,

    My OIDC version is 1.4.0 and WAS 8.5.5.23; I think that it is not so old.

    This is what I have in the trace log:

    [7/31/24 16:49:13:844 CEST] 000000ac OauthHelper   <  getClientCredFlowConfig returns [com.ibm.ws.security.oidc.client.RelyingPartyConfig(index=[0], providerId=[ossapi], initializationComplete=[true], accessTokenIsJwt=[false], accessTokenRequired=[true], acrValues=[null], allAudience=[false], allowImplicitTokenAuthentication=[false], allowJwtIssuerSelection=[false], audiences=[[]], authorizeEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize], authorizeEndpointHasParameter=[false], authRequestIsImplicit=[false], cbServletContext=[/oidcclient], cbUri=[/oidcclient/ossapi], clientBasicAuth=[not null], clientId=[xxxxxxxxxxxxxxxxxxxxxxxxxxxxx], clientSecret=[not null], contentSecurityPolicy=[null], contentSecurityPolicyHasNonce=[false], createHttpSession=[true], decryptAlias=[null], decryptKey=[null], decryptKeyPassword=[null], defaultRealmName=[defaultWIMFileBasedRealm], discoveredSignAlg=[RS256], discoveryEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration], encodeNewline=[true], endpointsInitialized=[false], endSessionEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout], endSessionEnabled=[false], endSessionRedirectUrl=[null], endSessionUseLogoutExitPage=[false], excludedPathFilter=[not null], grantType=[CLIENT_CREDENTIALS], headerName=[null], httpOnly=[true], idtokenSigningAlg=[null], includePortInDefaultRedirectUrl=[true], introspectClientId=[null], introspectClientSecret=[null], introspectEndpoint=[null], isRefreshEnabled=[true], issuerIdentifier=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0], jwkBasicAuth=[null], jwkClientId=[null], jwkClientSecret=[null], jwkRetriever=[-1732232926: com.ibm.ws.security.oidc.client.JwKRetriever(jwkEndpointUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])], keyStore=[null], keyStoreName=[null], loginErrorUrl=[null], 
loginErrorUrlHasParameter=[false], mapIdentityToRegistry=[false], nonceEnabled=[false], oauthFlow=[true], overrideIdTokenExp=[false], postParameterCookieSize=[4093], protectedContextPaths=[not null], resourceValue=[null], responseType=[code], responseTypeEnum=[CODE], revokeAccessToken=[false], revokeEndpoint=[null], revokeEndpointEnabled=[false], revokeTokensWhenEvicted=[false], rpCallbackHostAndPort=[null], RPCookieName=[OIDCSESSIONID_ossapi], rpScope=[https://graph.microsoft.com/.default], sendParamsTologinErrorUrl=[false], serverUrl=[null], sessionTimeoutMillis=[0], setLtpaCookie=[true], sigAllowList=[], sigDenyList=[[HS256]], signinCB=[null], signinCBEnc=[null], sslOnly=[true], stateCookieName=[OIDCSTATE_ossapi], tokenEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], tokenEndpointAuthMethodIsPost=[true], tokenReuse=[true], trustStore=[null], uniqueUserIdentifier=[null], urlCookieName=[OIDCREQURL_ossapi], urlEncodeEnabled=[false], useDefaultIdentifierFirst=[false], useDiscovery=[true], useIssuer=[true], useJavaScript=[true], useJwt=[NO], useJwtFromRequest=[no], usePkce=[false], usePostForIntrospection=[true], useRealm=[defaultWIMFileBasedRealm], userIdentifier=[null], userinfoEndpoint=[https://graph.microsoft.com/oidc/userinfo], userinfoEndpointEnabled=[false], verifyingAlias=[null], verifyIssuerInIat=[false])] Exit
    [7/31/24 16:49:13:844 CEST] 000000ac RelyingPartyU 3   rpConfig [com.ibm.ws.security.oidc.client.RelyingPartyConfig(index=[0], providerId=[ossapi], initializationComplete=[true], accessTokenIsJwt=[false], accessTokenRequired=[true], acrValues=[null], allAudience=[false], allowImplicitTokenAuthentication=[false], allowJwtIssuerSelection=[false], audiences=[[]], authorizeEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize], authorizeEndpointHasParameter=[false], authRequestIsImplicit=[false], cbServletContext=[/oidcclient], cbUri=[/oidcclient/ossapi], clientBasicAuth=[not null], clientId=[xxxxxxxxxxxxxxxxxxxxxxxxxxxxx], clientSecret=[not null], contentSecurityPolicy=[null], contentSecurityPolicyHasNonce=[false], createHttpSession=[true], decryptAlias=[null], decryptKey=[null], decryptKeyPassword=[null], defaultRealmName=[defaultWIMFileBasedRealm], discoveredSignAlg=[RS256], discoveryEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration], encodeNewline=[true], endpointsInitialized=[false], endSessionEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout], endSessionEnabled=[false], endSessionRedirectUrl=[null], endSessionUseLogoutExitPage=[false], excludedPathFilter=[not null], grantType=[CLIENT_CREDENTIALS], headerName=[null], httpOnly=[true], idtokenSigningAlg=[null], includePortInDefaultRedirectUrl=[true], introspectClientId=[null], introspectClientSecret=[null], introspectEndpoint=[null], isRefreshEnabled=[true], issuerIdentifier=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0], jwkBasicAuth=[null], jwkClientId=[null], jwkClientSecret=[null], jwkRetriever=[-1732232926: com.ibm.ws.security.oidc.client.JwKRetriever(jwkEndpointUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])], keyStore=[null], keyStoreName=[null], loginErrorUrl=[null], 
loginErrorUrlHasParameter=[false], mapIdentityToRegistry=[false], nonceEnabled=[false], oauthFlow=[true], overrideIdTokenExp=[false], postParameterCookieSize=[4093], protectedContextPaths=[not null], resourceValue=[null], responseType=[code], responseTypeEnum=[CODE], revokeAccessToken=[false], revokeEndpoint=[null], revokeEndpointEnabled=[false], revokeTokensWhenEvicted=[false], rpCallbackHostAndPort=[null], RPCookieName=[OIDCSESSIONID_ossapi], rpScope=[https://graph.microsoft.com/.default], sendParamsTologinErrorUrl=[false], serverUrl=[null], sessionTimeoutMillis=[0], setLtpaCookie=[true], sigAllowList=[], sigDenyList=[[HS256]], signinCB=[null], signinCBEnc=[null], sslOnly=[true], stateCookieName=[OIDCSTATE_ossapi], tokenEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], tokenEndpointAuthMethodIsPost=[true], tokenReuse=[true], trustStore=[null], uniqueUserIdentifier=[null], urlCookieName=[OIDCREQURL_ossapi], urlEncodeEnabled=[false], useDefaultIdentifierFirst=[false], useDiscovery=[true], useIssuer=[true], useJavaScript=[true], useJwt=[NO], useJwtFromRequest=[no], usePkce=[false], usePostForIntrospection=[true], useRealm=[defaultWIMFileBasedRealm], userIdentifier=[null], userinfoEndpoint=[https://graph.microsoft.com/oidc/userinfo], userinfoEndpointEnabled=[false], verifyingAlias=[null], verifyIssuerInIat=[false])]

    I have successfully got the access token but the ltpa2 cookie is not returned.



    ------------------------------
    Petre Petreski
    ------------------------------



  • 8.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Thu August 01, 2024 08:32 AM

    Hi Petre,

    We're looking for the properties that are sent to core security to login, not the TAI properties.  For example:

    [4/29/24 8:32:38:818 CDT] 000000c7 RelyingParty  3   ==> OIDC: PROCESS COMPLETE
    [4/29/24 8:32:38:818 CDT] 000000c7 RelyingParty  <  negotiateValidateandEstablishTrust returns [not null] Exit
    [4/29/24 8:32:38:818 CDT] 000000c7 TAIWrapper    <  negotiateAndValidateEstablishedTrust(): status code = 200 Exit
    [4/29/24 8:32:38:818 CDT] 000000c7 WebAuthentica 3   TAI [Jazz Security Architecture OIDC TrustAssociationInterceptor] has been validated successfully.
    [4/29/24 8:32:38:818 CDT] 000000c7 WebAuthentica 3   Subject retrieved is [Subject:
    Private Credential: {setLtpaCookie=true, com.ibm.wsspi.security.cred.securityName=testuser, oidcindex=qqqptqfHxYXuovC5nKCZeBfJt5Kb09eGEQRor0dw9U, com.ibm.wsspi.security.cred.cacheKey=testuserqqqptqfHxYXuovC5nKCZeBfJt5Kb09eGEQRor0dw9U1560644578, com.ibm.wsspi.security.cred.uniqueId=user:BasicRealm/testuser, token_type=Bearer, access_token=yPV4zu55XdsjsMlWlDrQxkxDIUwBF27eBeTh2xN4, id_token=(id_token), com.ibm.wsspi.security.cred.realm=BasicRealm, com.ibm.wsspi.security.cred.groups=[group:BasicRealm/group2, group:BasicRealm/group1], scope=general openid, refresh_token=bTjvv6D1KnQT8Rd0FDV6A7LSoM3265Q76gaVFPbWdWJ0hariPx}
    ]
    It should appear after the 2nd or 3rd instance of PROCESS COMPLETE.

    When you say that the LTPA cookie isn't created, do you mean that it isn't in the browser at all, or that it isn't sent on the request to the getCaseList endpoint?



    ------------------------------
    Barbara Jensen
    ------------------------------
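
An added example, not part of the original posts and not IBM code: a Python scanner for the trace check described in the reply above. It counts `PROCESS COMPLETE` entries, finds each `Subject retrieved is` entry, reads `setLtpaCookie` from the Private Credential line, and redacts token values so the result can be shared. The sample traces are constructed and only assume the line layout quoted in this thread; the second sample shows that a `setLtpaCookie=[true]` inside a RelyingPartyConfig dump is not a login Subject.

```python
import re

# Token-bearing keys seen in the Private Credential line quoted in the thread.
SECRET_KEYS = {"access_token", "id_token", "refresh_token"}

# "[timestamp] threadid Component  rest-of-entry" (layout as quoted in the thread)
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]{8})\s+(?P<comp>\S+)\s+(?P<rest>.*)$"
)
CRED_RE = re.compile(r"Private Credential:\s*\{(.*)\}\s*$")

# Constructed sample: an interactive TAI login that reaches core security.
SAMPLE_LOGIN_TRACE = """\
[4/29/24 8:32:30:101 CDT] 000000c7 RelyingParty  3   ==> OIDC: PROCESS COMPLETE
[4/29/24 8:32:38:818 CDT] 000000c7 RelyingParty  3   ==> OIDC: PROCESS COMPLETE
[4/29/24 8:32:38:818 CDT] 000000c7 WebAuthentica 3   Subject retrieved is [Subject:
Private Credential: {setLtpaCookie=true, com.ibm.wsspi.security.cred.securityName=testuser, token_type=Bearer, access_token=CONSTRUCTED-TOKEN, com.ibm.wsspi.security.cred.groups=[group:BasicRealm/group2, group:BasicRealm/group1], scope=general openid}
]
"""

# Constructed sample: token acquisition only, with the TAI config dump.
SAMPLE_TOKEN_ONLY_TRACE = """\
[7/31/24 16:49:13:844 CEST] 000000ac OauthHelper   <  getClientCredFlowConfig returns [RelyingPartyConfig(providerId=[example], grantType=[CLIENT_CREDENTIALS], setLtpaCookie=[true])] Exit
[7/31/24 16:49:13:844 CEST] 000000ac RelyingPartyU 3   rpConfig [RelyingPartyConfig(providerId=[example], setLtpaCookie=[true])]
"""


def split_top_level(body):
    """Split 'k=v, k=v' on commas that are not nested inside [...] or (...)."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch in "[(":
            depth += 1
        elif ch in "])":
            depth = max(0, depth - 1)
        elif ch == "," and depth == 0:
            parts.append(body[start:i])
            start = i + 1
    parts.append(body[start:])
    return [p.strip() for p in parts if p.strip()]


def parse_private_credential(line):
    """Return the credential properties as a dict with token values redacted."""
    match = CRED_RE.search(line)
    if match is None:
        return None
    props = {}
    for item in split_top_level(match.group(1)):
        key, _, value = item.partition("=")
        props[key] = "<redacted>" if key in SECRET_KEYS else value
    return props


def find_subject_logins(trace_text):
    """List every Subject handed to core security, in trace order.

    An empty list means the trace holds no completed TAI login, whatever
    the TAI configuration dump says about setLtpaCookie.
    """
    results, completes, pending = [], 0, None
    for raw in trace_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            rest = entry.group("rest")
            if "OIDC: PROCESS COMPLETE" in rest:
                completes += 1
            pending = None
            if "Subject retrieved is [Subject:" in rest:
                pending = {
                    "timestamp": entry.group("ts"),
                    "process_complete_seen": completes,
                }
        elif pending is not None:
            # Continuation line of the Subject entry.
            props = parse_private_credential(line)
            if props is not None:
                pending["set_ltpa_cookie"] = props.get("setLtpaCookie")
                pending["props"] = props
                results.append(pending)
                pending = None
    return results


if __name__ == "__main__":
    for name, trace in (("login", SAMPLE_LOGIN_TRACE),
                        ("token-only", SAMPLE_TOKEN_ONLY_TRACE)):
        logins = find_subject_logins(trace)
        if not logins:
            print(f"{name}: no Subject entry, no TAI login in this trace")
        for login in logins:
            print(f"{name}: {login['timestamp']} after PROCESS COMPLETE "
                  f"#{login['process_complete_seen']}: "
                  f"setLtpaCookie={login['set_ltpa_cookie']}")
```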



  • 9.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Thu August 01, 2024 01:28 PM

    Hello Barbara,

    I have the following log trace config:

    *=info: com.ibm.ws.security.web.*=all: com.ibm.ws.security.oidc.*=all: com.ibm.ws.security.openidconnect.*=all: com.ibm.ws.security.openid20.*=all: com.ibm.ws.security.saml.*=all: com.ibm.websphere.wssecurity.*=all: com.ibm.ws.wssecurity.*=all: com.ibm.ws.wssecurity.platform.audit.*=off: SamlCommandProviderImpl=all: com.ibm.ws.security.oauth20.*=all: com.ibm.oauth.*=all

    I successfully get an access_token with OauthClientHelper.getClientCredentialsGrantAccessToken(), but the LTPA has not been returned in Postman/browser.

    This is the log:

    [8/1/24 17:49:18:039 CEST] 000000b6 OauthHelper   3   Look for a config entry that contains [grantType=CLIENT_CREDENTIALS] or [all]:
    [8/1/24 17:49:18:039 CEST] 000000b6 OauthHelper   3   Processing provider number [0]
    [8/1/24 17:49:18:041 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:041 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [null] Exit
    [8/1/24 17:49:18:043 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(null) Entry
    [8/1/24 17:49:18:043 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [NONE] Exit
    [8/1/24 17:49:18:043 CEST] 000000b6 OauthHelper   3   Processing provider number [1]
    [8/1/24 17:49:18:043 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:043 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [null] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(null) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [NONE] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 OauthHelper   3   Processing provider number [2]
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [null] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(null) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [NONE] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 OauthHelper   3   Processing provider number [3]
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [null] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(null) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [NONE] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 OauthHelper   3   Processing provider number [4]
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [null] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(null) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [NONE] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 OauthHelper   3   Processing provider number [5]
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [null] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(null) Entry
    [8/1/24 17:49:18:044 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [NONE] Exit
    [8/1/24 17:49:18:044 CEST] 000000b6 OauthHelper   3   Processing provider number [6]
    [8/1/24 17:49:18:044 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:045 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [client_credentials] Exit
    [8/1/24 17:49:18:045 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(client_credentials) Entry
    [8/1/24 17:49:18:045 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [CLIENT_CREDENTIALS] Exit
    [8/1/24 17:49:18:045 CEST] 000000b6 OauthHelper   3   Initialize the config object for [grantType=CLIENT_CREDENTIALS]:
    [8/1/24 17:49:18:045 CEST] 000000b6 RelyingPartyC >  RelyingPartyConfig(globalCookieSize[4093]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC <  RelyingPartyConfig Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC >  initialize(props[not null]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[identifier],defaultValue[null]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      <  getOptionalProperty(identifier) returns [ossapi] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC 3   ==> Processing config for provider identifier [ossapi]
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[grantType],validValues[not null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      <  getOptionalProperty(grantType) returns [client_credentials] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC >  evaluateGrantTypeFromRequestProperty(client_credentials) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC <  evaluateGrantTypeFromRequestProperty returns [CLIENT_CREDENTIALS] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[useJwtFromRequest],defaultValue[no]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      <  getOptionalProperty(useJwtFromRequest) returns [no] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC >  evaluateUseJwtFromRequestProperty(no) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  isFalse(String flag[no]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      <  isFalse returns [true] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC <  evaluateUseJwtFromRequestProperty returns [NO] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 RelyingPartyC >  getDiscoveryProperties Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[discoveryEndpointUrl],defaultValue[null]) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      <  getOptionalProperty(discoveryEndpointUrl) returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration] Exit
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, useDiscovery) Entry
    [8/1/24 17:49:18:046 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[useDiscovery],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:047 CEST] 000000b6 OidcUtil      <  getOptionalProperty(useDiscovery) returns [true] Exit
    [8/1/24 17:49:18:047 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:047 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:047 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:047 CEST] 000000b6 RelyingPartyC >  processDiscovery Entry
    [8/1/24 17:49:18:048 CEST] 000000b6 OPConfig      >  getDiscoveryEndpointEntry(discoveryUrl[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration]) Entry
    [8/1/24 17:49:18:048 CEST] 000000b6 RelyingPartyC >  RelyingPartyConfig(globalCookieSize[4093]) Entry
    [8/1/24 17:49:18:048 CEST] 000000b6 RelyingPartyC <  RelyingPartyConfig Exit
    [8/1/24 17:49:18:048 CEST] 000000b6 OPConfig      >  processDiscovery Entry
    [8/1/24 17:49:18:050 CEST] 000000b6 RelyingPartyU >  invokeDiscovery(discoveryUrl[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration]) Entry
    [8/1/24 17:49:18:050 CEST] 000000b6 RelyingPartyU 3   ==> OIDC: BEGINNING TO CALL OUT TO DISCOVERY ENDPOINT ON OP
    [8/1/24 17:49:18:050 CEST] 000000b6 RelyingPartyU >  invokeRequest(method[GET], url[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration], contents[null], rpConfig[null], ltpaCookie[null], authnRequired[false], token[null]) Entry
    [8/1/24 17:49:18:050 CEST] 000000b6 RelyingPartyU 3   rpConfig [null]
    [8/1/24 17:49:18:050 CEST] 000000b6 RelyingPartyU 3   ltpaCookie [null]
    [8/1/24 17:49:18:051 CEST] 000000b6 RelyingPartyU 3   token [null]
    [8/1/24 17:49:18:051 CEST] 000000b6 RelyingPartyU 3   contents [null]
    [8/1/24 17:49:18:051 CEST] 000000b6 RelyingPartyU 3   GET Request to URL [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration]
    [8/1/24 17:49:18:051 CEST] 000000b6 RelyingPartyU >  getSecuredConnection(method[GET],url[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration]) Entry
    [8/1/24 17:49:18:051 CEST] 000000b6 RelyingPartyU <  getSecuredConnection returns [not null] Exit
    [8/1/24 17:49:18:052 CEST] 000000b6 SessionCache  3   getOpServerConnTimeout returns [20000])
    [8/1/24 17:49:18:141 CEST] 000000b6 RelyingPartyU 3   Response code: 200
    [8/1/24 17:49:18:141 CEST] 000000b6 RelyingPartyU >  getData(inStream[not null]) Entry
    [8/1/24 17:49:18:142 CEST] 000000b6 RelyingPartyU <  getData returns [{"token_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/kerberos","tenant_region_scope":"EU","cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}] Exit
    [8/1/24 17:49:18:142 CEST] 000000b6 RelyingPartyU 3   Response output: {"token_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/kerberos","tenant_region_scope":"EU","cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}
    [8/1/24 17:49:18:142 CEST] 000000b6 RelyingPartyU <  invokeRequest Exit
    [8/1/24 17:49:18:142 CEST] 000000b6 RelyingPartyU 3   ==> OIDC: RETURNED FROM DISCOVERY ENDPOINT
    [8/1/24 17:49:18:142 CEST] 000000b6 RelyingPartyU <  invokeDiscovery returns [{"token_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/kerberos","tenant_region_scope":"EU","cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}] Exit
    [8/1/24 17:49:18:144 CEST] 000000b6 JSONUtil      >  getJsonObject(data[{"token_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/kerberos","tenant_region_scope":"EU","cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}]) Entry
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      <  getJsonObject returns JsonObject[{"token_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token","token_endpoint_auth_methods_supported":["client_secret_post","private_key_jwt","client_secret_basic"],"jwks_uri":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys","response_modes_supported":["query","fragment","form_post"],"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"response_types_supported":["code","id_token","code id_token","id_token token"],"scopes_supported":["openid","profile","email","offline_access"],"issuer":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0","request_uri_parameter_supported":false,"userinfo_endpoint":"https://graph.microsoft.com/oidc/userinfo","authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize","device_authorization_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/devicecode","http_logout_supported":true,"frontchannel_logout_supported":true,"end_session_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout","claims_supported":["sub","iss","cloud_instance_name","cloud_instance_host_name","cloud_graph_host_name","msgraph_host","aud","exp","iat","auth_time","acr","nonce","preferred_username","name","tid","ver","at_hash","c_hash","email"],"kerberos_endpoint":"https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/kerberos","tenant_region_scope":"EU","cloud_instance_name":"microsoftonline.com","cloud_graph_host_name":"graph.windows.net","msgraph_host":"graph.microsoft.com","rbac_url":"https://pas.windows.net"}] Exit
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[issuer]) Entry
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      <  getJsonString returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0] Exit
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[authorization_endpoint]) Entry
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      <  getJsonString returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize] Exit
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[token_endpoint]) Entry
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      <  getJsonString returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token] Exit
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[userinfo_endpoint]) Entry
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      <  getJsonString returns [https://graph.microsoft.com/oidc/userinfo] Exit
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[revocation_endpoint]) Entry
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      <  getJsonString returns [null] Exit
    [8/1/24 17:49:18:152 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[jwks_uri]) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getJsonString returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[introspection_endpoint]) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getJsonString returns [null] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      >  getJsonString(json, key[end_session_endpoint]) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getJsonString returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      >  getFromJsonArray(json, key[id_token_signing_alg_values_supported], allowedValues) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      >  getJsonArray(json, key[id_token_signing_alg_values_supported]) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getJsonArray returns [com.google.gson.JsonArray] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getFromJsonArray returns [RS256] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 OPConfig      >  getTokenEndpointAuthMethod(json[com.google.gson.JsonObject]) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      >  getFromJsonArray(json, key[token_endpoint_auth_methods_supported], allowedValues) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      >  getJsonArray(json, key[token_endpoint_auth_methods_supported]) Entry
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getJsonArray returns [com.google.gson.JsonArray] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 JSONUtil      <  getFromJsonArray returns [client_secret_post] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 OPConfig      <  getTokenEndpointAuthMethod returns [post] Exit
    [8/1/24 17:49:18:153 CEST] 000000b6 OPConfig      3   Values obtained from discovery: (issuerIdentifier[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0], authorizeEndpoint[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize], tokenEndpoint[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], userinfoEndpoint[https://graph.microsoft.com/oidc/userinfo], revokeEndpoint[null], introspectEndpoint[null], endSessionEndpoint[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout], jwkEndpoint[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys], idtokenSigningAlg[RS256])
    [8/1/24 17:49:18:155 CEST] 000000b6 JwKRetriever  3   JwKRetriever(jwkEndpointUrl[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])
    [8/1/24 17:49:18:155 CEST] 000000b6 OPConfig      >  cache Entry
    [8/1/24 17:49:18:155 CEST] 000000b6 OPConfig      3   Caching entry for discoveryUrl[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration]
    [8/1/24 17:49:18:155 CEST] 000000b6 OPConfig      3   Adding alias entry for issuer[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0]
    [8/1/24 17:49:18:155 CEST] 000000b6 OPConfig      <  cache Exit
    [8/1/24 17:49:18:155 CEST] 000000b6 OPConfig      <  processDiscovery Exit
    [8/1/24 17:49:18:155 CEST] 000000b6 OPConfig      <  getDiscoveryEndpointEntry returns [com.ibm.ws.security.oidc.client.OPConfig [discoveryUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration], issuerIdentifier=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0], authorizeEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize], tokenEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], userinfoEndpoint=[https://graph.microsoft.com/oidc/userinfo], revokeEndpoint=[null], jwkEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys], introspectEndpoint=[null], endSessionEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout], idtokenSigningAlg=[RS256], tokenEndpointAuthMethod=[post], verifyIssuerInIat=[false], jwkRetriever=[com.ibm.ws.security.oidc.client.JwKRetriever(jwkEndpointUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])]]]) Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 OPConfig      3   getJwKRetriever returns[com.ibm.ws.security.oidc.client.JwKRetriever(jwkEndpointUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])]
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC <  processDiscovery Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC <  getDiscoveryProperties Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[signatureAlgorithmAllowList],defaultValue[null]) Entry
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      <  getOptionalProperty(signatureAlgorithmAllowList) returns [null] Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[signatureAlgorithmDenyList],defaultValue[null]) Entry
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      <  getOptionalProperty(signatureAlgorithmDenyList) returns [null] Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC >  processSignatureAlgorithmProps(allowList[null],denyList[null]): idtokenSigningAlg[null] Entry
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   Check for signAlg conflict with allowlist/denylist
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   Check for allowlist/denylist conflict
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   Check for HS256 in allowlist
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   Check if HS256 needs to be added to denylist
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   getJwtRequired returns [false]
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   Setting signatureAlgorithmDenyList to HS256.
    [8/1/24 17:49:18:156 CEST] 000000b6 UrlUtil       >  parseUris(uris[HS256]) Entry
    [8/1/24 17:49:18:156 CEST] 000000b6 UrlUtil       <  parseUris returns array size = [1] Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC <  processSignatureAlgorithmProps: idtokenSigningAlg[null], sigAllowList[], sigDenyList[[HS256]] Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 RelyingPartyC 3   getJwtRequired returns [false]
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[clientId],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      <  getProperty returns [xxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Exit
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, verifyIssuerInIat) Entry
    [8/1/24 17:49:18:156 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[verifyIssuerInIat],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  getOptionalProperty(verifyIssuerInIat) returns [false] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, setLtpaCookie) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[setLtpaCookie],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  getOptionalProperty(setLtpaCookie) returns [true] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[clientSecret],validValues[null],defaultValue[null],secret[true]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  getOptionalProperty(clientSecret) returns [not null] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 RelyingPartyU >  getBasicAuthHeader(userid[xxxxxxxxxxxxxxxxxxxxxxxxxxxxx], password[not null]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 RelyingPartyU <  getBasicAuthHeader returns [Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxx=] Exit
    [8/1/24 17:49:18:157 CEST] 000000b6 UrlUtil       >  getUris(props[not null],propertyName[interceptedPathFilter]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[interceptedPathFilter],validValues[null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:157 CEST] 000000b6 OidcUtil      <  getOptionalProperty(interceptedPathFilter) returns [null] Exit
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       >  parseUris(uris[null]) Entry
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       <  parseUris returns array size = [0] Exit
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       <  getUris returns array [not null] Exit
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       >  getUris(props[not null],propertyName[excludedPathFilter]) Entry
    [8/1/24 17:49:18:158 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[excludedPathFilter],validValues[null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:158 CEST] 000000b6 OidcUtil      <  getOptionalProperty(excludedPathFilter) returns [null] Exit
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       >  parseUris(uris[null]) Entry
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       <  parseUris returns array size = [0] Exit
    [8/1/24 17:49:18:158 CEST] 000000b6 UrlUtil       <  getUris returns array [not null] Exit
    [8/1/24 17:49:18:158 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[filter],defaultValue[null]) Entry
    [8/1/24 17:49:18:158 CEST] 000000b6 OidcUtil      <  getOptionalProperty(filter) returns [request-url^=oss-dev.test-era.europa.eu/oss-api] Exit
    [8/1/24 17:49:18:159 CEST] 000000b6 CommonHTTPHea >  init s1[request-url^=oss-dev.test-era.europa.eu/oss-api] Entry
    [8/1/24 17:49:18:160 CEST] 000000b6 CommonHTTPHea 3   setConfiguredFilterString [request-url^=oss-dev.test-era.europa.eu/oss-api]
    [8/1/24 17:49:18:160 CEST] 000000b6 CommonHTTPHea 3   Number of OR conditions: [1]
    [8/1/24 17:49:18:160 CEST] 000000b6 CommonHTTPHea >  buildAndCondition s1[request-url^=oss-dev.test-era.europa.eu/oss-api] Entry
    [8/1/24 17:49:18:160 CEST] 000000b6 CommonHTTPHea 3   Processing condition [request-url^=oss-dev.test-era.europa.eu/oss-api]
    [8/1/24 17:49:18:160 CEST] 000000b6 CommonHTTPHea 3   isValid
                                     Adding request-url ^= oss-dev.test-era.europa.eu/oss-api
    [8/1/24 17:49:18:160 CEST] 000000b6 CommonHTTPHea <  buildAndCondition returns [not null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 CommonHTTPHea 3   Configured filter [request-url^=oss-dev.test-era.europa.eu/oss-api]
    [8/1/24 17:49:18:161 CEST] 000000b6 CommonHTTPHea <  init returns [true] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 CommonHTTPHea 3   setProcessAll [false]
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[jsonWebKeyFile],defaultValue[null]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(jsonWebKeyFile) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[trustStore],defaultValue[null]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(trustStore) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[signVerifyAlias],defaultValue[null]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(signVerifyAlias) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[keyStore],defaultValue[null]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(keyStore) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[decryptAlias],defaultValue[null]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(decryptAlias) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[decryptKeyPassword],validValues[null],defaultValue[null],secret[true]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(decryptKeyPassword) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[loginErrorUrl],defaultValue[null]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(loginErrorUrl) returns [null] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, sendOpErrorParamsToLoginErrorUrl) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[sendOpErrorParamsToLoginErrorUrl],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  getOptionalProperty(sendOpErrorParamsToLoginErrorUrl) returns [false] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, userinfoEndpointEnabled) Entry
    [8/1/24 17:49:18:161 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[userinfoEndpointEnabled],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  getOptionalProperty(userinfoEndpointEnabled) returns [false] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  isFalse(String flag[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  isFalse returns [true] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [false] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, endSessionEndpointEnabled) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[endSessionEndpointEnabled],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  getOptionalProperty(endSessionEndpointEnabled) returns [false] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[endSessionRedirectUrl],defaultValue[null]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  getOptionalProperty(endSessionRedirectUrl) returns [null] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, endSessionUseLogoutExitPage) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[endSessionUseLogoutExitPage],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  getOptionalProperty(endSessionUseLogoutExitPage) returns [false] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, httpsRequired) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[httpsRequired],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:162 CEST] 000000b6 OidcUtil      <  getOptionalProperty(httpsRequired) returns [true] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, httpOnly) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[httpOnly],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getOptionalProperty(httpOnly) returns [true] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[groupIdentifier],defaultValue[null]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getOptionalProperty(groupIdentifier) returns [null] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[userIdentifier],defaultValue[null]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getOptionalProperty(userIdentifier) returns [oid] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[uniqueUserIdentifier],defaultValue[null]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getOptionalProperty(uniqueUserIdentifier) returns [null] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[realmIdentifier],defaultValue[null]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getOptionalProperty(realmIdentifier) returns [null] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, useDefaultIdentifierFirst) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[useDefaultIdentifierFirst],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  getOptionalProperty(useDefaultIdentifierFirst) returns [false] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getIntProperty(props[not null],propertyName[postParameterCookieSize],defaultValue[4093]) Entry
    [8/1/24 17:49:18:163 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[postParameterCookieSize],defaultValue[4093],secret[false]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getProperty returns [4093] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getIntProperty returns [4093] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[callbackServletContext],defaultValue[/oidcclient]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getOptionalProperty(callbackServletContext) returns [/oidcclient] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[redirectToRPHostAndPort],defaultValue[null]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getOptionalProperty(redirectToRPHostAndPort) returns [null] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, includePortInDefaultRedirectUrl) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[includePortInDefaultRedirectUrl],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getOptionalProperty(includePortInDefaultRedirectUrl) returns [true] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, refreshExpiredAccessToken) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[refreshExpiredAccessToken],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getOptionalProperty(refreshExpiredAccessToken) returns [true] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, revokeAccessToken) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[revokeAccessToken],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  getOptionalProperty(revokeAccessToken) returns [false] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, revokeTokensOnCacheEviction) Entry
    [8/1/24 17:49:18:164 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[revokeTokensOnCacheEviction],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  getOptionalProperty(revokeTokensOnCacheEviction) returns [false] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[responseType],validValues[not null],defaultValue[code],secret[false]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  getOptionalProperty(responseType) returns [code] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, nonceEnabled) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[nonceEnabled],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  getOptionalProperty(nonceEnabled) returns [false] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[clockSkew],defaultValue[null]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  getOptionalProperty(clockSkew) returns [null] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  processLongProperty(propName[clockSkew], strValue[null], defValue[180] Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  processLongProperty returns [180] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[refreshBeforeAccessTokenExpiresTime],defaultValue[null]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  getOptionalProperty(refreshBeforeAccessTokenExpiresTime) returns [null] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  processLongProperty(propName[refreshBeforeAccessTokenExpiresTime], strValue[null], defValue[0] Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  processLongProperty returns [0] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[sessionCacheTimeoutMinutes],defaultValue[null]) Entry
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      <  getOptionalProperty(sessionCacheTimeoutMinutes) returns [null] Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 RelyingPartyC 3   setSessionTimeoutMillis(timeToExpire[null])
    [8/1/24 17:49:18:165 CEST] 000000b6 RelyingPartyC <  setSessionTimeoutMillis Exit
    [8/1/24 17:49:18:165 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, tokenReuse) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[tokenReuse],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  getOptionalProperty(tokenReuse) returns [true] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 UrlUtil       >  getUris(props[not null],propertyName[audiences]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[audiences],validValues[null],defaultValue[null],secret[false]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  getOptionalProperty(audiences) returns [null] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 UrlUtil       >  parseUris(uris[null]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 UrlUtil       <  parseUris returns array size = [0] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 UrlUtil       <  getUris returns array [not null] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[headerName],defaultValue[null]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  getOptionalProperty(headerName) returns [null] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, allowImplicitClientFlow) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[allowImplicitClientFlow],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  getOptionalProperty(allowImplicitClientFlow) returns [false] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, createSession) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[createSession],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  getOptionalProperty(createSession) returns [true] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  isTrue(String flag[true]) Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[true] Exit
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [true] Entry
    [8/1/24 17:49:18:166 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, encodeNewline) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[encodeNewline],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(encodeNewline) returns [true] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, mapIdentityToRegistryUser) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[mapIdentityToRegistryUser],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(mapIdentityToRegistryUser) returns [false] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[contentType],defaultValue[text/html; charset=UTF-8]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(contentType) returns [text/html; charset=UTF-8] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[scope],defaultValue[null]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(scope) returns [https://graph.microsoft.com/.default] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, encodeParameters) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[encodeParameters],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(encodeParameters) returns [false] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[introspectEndpointMethod],defaultValue[post]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(introspectEndpointMethod) returns [post] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[useRealm],defaultValue[null]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(useRealm) returns [defaultWIMFileBasedRealm] Exit
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[contentSecurityPolicy],defaultValue[null]) Entry
    [8/1/24 17:49:18:167 CEST] 000000b6 OidcUtil      <  getOptionalProperty(contentSecurityPolicy) returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, useJavaScript) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[useJavaScript],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(useJavaScript) returns [true] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[introspectClientId],defaultValue[null]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(introspectClientId) returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[introspectClientSecret],validValues[null],defaultValue[null],secret[true]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(introspectClientSecret) returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[jwkClientId],defaultValue[null]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(jwkClientId) returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[jwkClientSecret],validValues[null],defaultValue[null],secret[true]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(jwkClientSecret) returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 RelyingPartyU >  getBasicAuthHeader(userid[null], password[null]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 RelyingPartyU <  getBasicAuthHeader returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, accessTokenIsJwt) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[accessTokenIsJwt],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(accessTokenIsJwt) returns [false] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[resource],defaultValue[null]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(resource) returns [null] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getIsFalseProperty(_map, useIssuer) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[useIssuer],validValues[not null],defaultValue[true],secret[false]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  getOptionalProperty(useIssuer) returns [true] Exit
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      >  isFalse(String flag[true]) Entry
    [8/1/24 17:49:18:168 CEST] 000000b6 OidcUtil      <  isFalse returns [false] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      <  getIsFalseProperty returns [true] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, allowJwtIssuerSelection) Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[allowJwtIssuerSelection],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      <  getOptionalProperty(allowJwtIssuerSelection) returns [false] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 RelyingPartyC 3   getOauthFlow returns [true]
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  getIsTrueProperty(_map, usePkce) Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  getProperty(props[not null],propertyName[usePkce],validValues[not null],defaultValue[false],secret[false]) Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      <  getOptionalProperty(usePkce) returns [false] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  isTrue(String flag[false]) Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      <  isTrue(String) returns boolean[false] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OidcUtil      >  getIsTrueProperty returns [false] Entry
    [8/1/24 17:49:18:169 CEST] 000000b6 RelyingPartyC <  initialize Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OauthHelper   <  getConfigOffline returns [not null] Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OauthHelper   <  getClientCredFlowConfigOffline Exit
    [8/1/24 17:49:18:169 CEST] 000000b6 OauthHelper   <  getClientCredFlowConfig returns [com.ibm.ws.security.oidc.client.RelyingPartyConfig(index=[0], providerId=[ossapi], initializationComplete=[true], accessTokenIsJwt=[false], accessTokenRequired=[true], acrValues=[null], allAudience=[false], allowImplicitTokenAuthentication=[false], allowJwtIssuerSelection=[false], audiences=[[]], authorizeEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize], authorizeEndpointHasParameter=[false], authRequestIsImplicit=[false], cbServletContext=[/oidcclient], cbUri=[/oidcclient/ossapi], clientBasicAuth=[not null], clientId=[xxxxxxxxxxxxxxxxxxxxxxxxxxxxx], clientSecret=[not null], contentSecurityPolicy=[null], contentSecurityPolicyHasNonce=[false], createHttpSession=[true], decryptAlias=[null], decryptKey=[null], decryptKeyPassword=[null], defaultRealmName=[defaultWIMFileBasedRealm], discoveredSignAlg=[RS256], discoveryEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration], encodeNewline=[true], endpointsInitialized=[false], endSessionEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout], endSessionEnabled=[false], endSessionRedirectUrl=[null], endSessionUseLogoutExitPage=[false], excludedPathFilter=[not null], grantType=[CLIENT_CREDENTIALS], headerName=[null], httpOnly=[true], idtokenSigningAlg=[null], includePortInDefaultRedirectUrl=[true], introspectClientId=[null], introspectClientSecret=[null], introspectEndpoint=[null], isRefreshEnabled=[true], issuerIdentifier=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0], jwkBasicAuth=[null], jwkClientId=[null], jwkClientSecret=[null], jwkRetriever=[401437140: com.ibm.ws.security.oidc.client.JwKRetriever(jwkEndpointUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])], keyStore=[null], keyStoreName=[null], loginErrorUrl=[null], 
    loginErrorUrlHasParameter=[false], mapIdentityToRegistry=[false], nonceEnabled=[false], oauthFlow=[true], overrideIdTokenExp=[false], postParameterCookieSize=[4093], protectedContextPaths=[not null], resourceValue=[null], responseType=[code], responseTypeEnum=[CODE], revokeAccessToken=[false], revokeEndpoint=[null], revokeEndpointEnabled=[false], revokeTokensWhenEvicted=[false], rpCallbackHostAndPort=[null], RPCookieName=[OIDCSESSIONID_ossapi], rpScope=[https://graph.microsoft.com/.default], sendParamsTologinErrorUrl=[false], serverUrl=[null], sessionTimeoutMillis=[0], setLtpaCookie=[true], sigAllowList=[], sigDenyList=[[HS256]], signinCB=[null], signinCBEnc=[null], sslOnly=[true], stateCookieName=[OIDCSTATE_ossapi], tokenEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], tokenEndpointAuthMethodIsPost=[true], tokenReuse=[true], trustStore=[null], uniqueUserIdentifier=[null], urlCookieName=[OIDCREQURL_ossapi], urlEncodeEnabled=[false], useDefaultIdentifierFirst=[false], useDiscovery=[true], useIssuer=[true], useJavaScript=[true], useJwt=[NO], useJwtFromRequest=[no], usePkce=[false], usePostForIntrospection=[true], useRealm=[defaultWIMFileBasedRealm], userIdentifier=[oid], userinfoEndpoint=[https://graph.microsoft.com/oidc/userinfo], userinfoEndpointEnabled=[false], verifyingAlias=[null], verifyIssuerInIat=[false])] Exit
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyU >  invokeOauthFlow(rpConfig[not null], username[null], password[null]) Entry
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyC 3   getTokenEndpoint returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token]
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyC 3   getRpScope returns [https://graph.microsoft.com/.default]
    [8/1/24 17:49:18:170 CEST] 000000b6 UrlUtil       >  urlEncode Entry
    [8/1/24 17:49:18:170 CEST] 000000b6 UrlUtil       3   value[https://graph.microsoft.com/.default]
    [8/1/24 17:49:18:170 CEST] 000000b6 UrlUtil       <  urlEncode returns [true] Exit
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyU >  addClientIdAndSecret Entry
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyC 3   getClientId returns [xxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyC 3   getClientIdEncoded returns [xxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyU <  addClientIdAndSecret; secretAdded[true] Exit
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyU 3   ==> OIDC: BEGINNING TO CALL OUT TO TOKEN ENDPOINT ON OP FOR OAUTH FLOW
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyU >  invokeRequest(method[POST], url[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], contents[java.lang.String], rpConfig[not null], ltpaCookie[null], authnRequired[true], token[null]) Entry
    [8/1/24 17:49:18:170 CEST] 000000b6 RelyingPartyU 3   rpConfig [com.ibm.ws.security.oidc.client.RelyingPartyConfig(index=[0], providerId=[ossapi], initializationComplete=[true], accessTokenIsJwt=[false], accessTokenRequired=[true], acrValues=[null], allAudience=[false], allowImplicitTokenAuthentication=[false], allowJwtIssuerSelection=[false], audiences=[[]], authorizeEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/authorize], authorizeEndpointHasParameter=[false], authRequestIsImplicit=[false], cbServletContext=[/oidcclient], cbUri=[/oidcclient/ossapi], clientBasicAuth=[not null], clientId=[xxxxxxxxxxxxxxxxxxxxxxxxxxxxx], clientSecret=[not null], contentSecurityPolicy=[null], contentSecurityPolicyHasNonce=[false], createHttpSession=[true], decryptAlias=[null], decryptKey=[null], decryptKeyPassword=[null], defaultRealmName=[defaultWIMFileBasedRealm], discoveredSignAlg=[RS256], discoveryEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0/.well-known/openid-configuration], encodeNewline=[true], endpointsInitialized=[false], endSessionEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/logout], endSessionEnabled=[false], endSessionRedirectUrl=[null], endSessionUseLogoutExitPage=[false], excludedPathFilter=[not null], grantType=[CLIENT_CREDENTIALS], headerName=[null], httpOnly=[true], idtokenSigningAlg=[null], includePortInDefaultRedirectUrl=[true], introspectClientId=[null], introspectClientSecret=[null], introspectEndpoint=[null], isRefreshEnabled=[true], issuerIdentifier=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/v2.0], jwkBasicAuth=[null], jwkClientId=[null], jwkClientSecret=[null], jwkRetriever=[401437140: com.ibm.ws.security.oidc.client.JwKRetriever(jwkEndpointUrl=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys])], keyStore=[null], keyStoreName=[null], loginErrorUrl=[null], 
    loginErrorUrlHasParameter=[false], mapIdentityToRegistry=[false], nonceEnabled=[false], oauthFlow=[true], overrideIdTokenExp=[false], postParameterCookieSize=[4093], protectedContextPaths=[not null], resourceValue=[null], responseType=[code], responseTypeEnum=[CODE], revokeAccessToken=[false], revokeEndpoint=[null], revokeEndpointEnabled=[false], revokeTokensWhenEvicted=[false], rpCallbackHostAndPort=[null], RPCookieName=[OIDCSESSIONID_ossapi], rpScope=[https://graph.microsoft.com/.default], sendParamsTologinErrorUrl=[false], serverUrl=[null], sessionTimeoutMillis=[0], setLtpaCookie=[true], sigAllowList=[], sigDenyList=[[HS256]], signinCB=[null], signinCBEnc=[null], sslOnly=[true], stateCookieName=[OIDCSTATE_ossapi], tokenEndpoint=[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token], tokenEndpointAuthMethodIsPost=[true], tokenReuse=[true], trustStore=[null], uniqueUserIdentifier=[null], urlCookieName=[OIDCREQURL_ossapi], urlEncodeEnabled=[false], useDefaultIdentifierFirst=[false], useDiscovery=[true], useIssuer=[true], useJavaScript=[true], useJwt=[NO], useJwtFromRequest=[no], usePkce=[false], usePostForIntrospection=[true], useRealm=[defaultWIMFileBasedRealm], userIdentifier=[oid], userinfoEndpoint=[https://graph.microsoft.com/oidc/userinfo], userinfoEndpointEnabled=[false], verifyingAlias=[null], verifyIssuerInIat=[false])]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU 3   ltpaCookie [null]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU 3   token [null]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU 3   contents [grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default&client_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx&client_secret=xxxxxxx]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU 3   POST Request to URL [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU >  getSecuredConnection(method[POST],url[https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/oauth2/v2.0/token]) Entry
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU <  getSecuredConnection returns [not null] Exit
    [8/1/24 17:49:18:171 CEST] 000000b6 SessionCache  3   getOpServerConnTimeout returns [20000])
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyC 3   getRevokeEndpointEnabled returns [false]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyC >  getRevokeEndpoint(endpointEnabled[false]) Entry
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyC <  getRevokeEndpoint returns [null] Exit
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyC 3   getJwkEndpointUrl returns [https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/discovery/v2.0/keys]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU 3   isRevokeEndpoint[false]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyU 3   isJwkEndpoint[false]
    [8/1/24 17:49:18:171 CEST] 000000b6 RelyingPartyC 3   getTokenEndpointAuthMethod returns [post]
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU 3   Response code: 200
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU >  getData(inStream[not null]) Entry
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU <  getData returns [{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}] Exit
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU 3   Response output: {"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU <  invokeRequest Exit
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU 3   ==> OIDC: RETURNED FROM TOKEN ENDPOINT FOR OAUTH FLOW
    [8/1/24 17:49:18:272 CEST] 000000b6 RelyingPartyU <  invokeOauthFlow returns [{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}] Exit
    [8/1/24 17:49:18:273 CEST] 000000b6 SessionCache  >  createEntry(jsonString[not null], rpConfig[not null]) Entry
    [8/1/24 17:49:18:273 CEST] 000000b6 SessionCache  >  initCache Entry
    [8/1/24 17:49:18:274 CEST] 000000b6 DynaCacheUtil >  init(maxSessionCacheSize[10000], jndiCacheName[null], clusterCaching[true]) Entry
    [8/1/24 17:49:18:275 CEST] 000000b6 DynaCacheUtil >  initDynamicCache(jndiCacheName[null], clusterCaching[true], cacheSize[10000]) Entry
    [8/1/24 17:49:18:275 CEST] 000000b6 DynaCacheUtil 3   isDynamicCacheEnabled returns [true]
    [8/1/24 17:49:18:275 CEST] 000000b6 DynaCacheUtil 3   Cache size is doubled when using DynaCache to account for two cache entries for each session due to aliasing.
    [8/1/24 17:49:18:275 CEST] 000000b6 DynaCacheUtil 3   cacheSize[10000], dynCacheSize[20000]
    [8/1/24 17:49:18:313 CEST] 000000b6 SystemOut     O   2024-08-01 17:49:18.313 ERROR 5136 --- [ebContainer : 0] c.i.w.r.component.MultibrokerDomainImpl  : CWWDR0008E: Runtime exception occured : Unable to locate Replication Domain: DynaCacheCluster

    [8/1/24 17:49:18:302 CEST] 000000b6 MultibrokerDo E   CWWDR0008E: Runtime exception occured : Unable to locate Replication Domain: DynaCacheCluster
    [8/1/24 17:49:18:313 CEST] 000000b6 SystemOut     O   2024-08-01 17:49:18.313 ERROR 5136 --- [ebContainer : 0] com.ibm.ws.cache.CacheServiceImpl        : Replication domain for cache instance "ws/OIDCRPDistributedCacheMap" not found. Therefore, the cache replication is disabled.

    [8/1/24 17:49:18:313 CEST] 000000b6 CacheServiceI E   Replication domain for cache instance "ws/OIDCRPDistributedCacheMap" not found. Therefore, the cache replication is disabled.
    [8/1/24 17:49:18:314 CEST] 000000b6 SystemOut     O   2024-08-01 17:49:18.314  INFO 5136 --- [ebContainer : 0] com.ibm.ws.cache.ServerCache             : DYNA1001I: WebSphere Dynamic Cache instance named ws/OIDCRPDistributedCacheMap initialized successfully.

    [8/1/24 17:49:18:313 CEST] 000000b6 ServerCache   I   DYNA1001I: WebSphere Dynamic Cache instance named ws/OIDCRPDistributedCacheMap initialized successfully.
    [8/1/24 17:49:18:314 CEST] 000000b6 SystemOut     O   2024-08-01 17:49:18.314  INFO 5136 --- [ebContainer : 0] com.ibm.ws.cache.ServerCache             : DYNA1071I: The cache provider "default" is being used.

    [8/1/24 17:49:18:314 CEST] 000000b6 ServerCache   I   DYNA1071I: The cache provider "default" is being used.
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil 3   Setting default time to live on map to [7200] seconds.
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil 3   Dynamic cache initialized successfully.
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil 3   Cache will be managed by DynaCache.  Session cache customizing TAI properties will be ignored.
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil <  initDynamicCache returns [not null] Exit
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil <  init Exit
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil 3   isDynamicCacheEnabled returns [true]
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil 3   getCache() returns [not null]
    [8/1/24 17:49:18:314 CEST] 000000b6 OidcTAIConfig >  getInstance() Entry
    [8/1/24 17:49:18:314 CEST] 000000b6 OidcTAIConfig <  getInstance() returns [null] Exit
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil >  setupInvalidationListener Entry
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil 3   isDynamicCacheEnabled returns [true]
    [8/1/24 17:49:18:314 CEST] 000000b6 DynaCacheUtil >  setupInvalidationListener Entry
    [8/1/24 17:49:18:314 CEST] 000000b6 SessionCache  <  initCache Exit
    [8/1/24 17:49:18:317 CEST] 000000b6 OidcUtil      >  getNewRandom(hashOutput[false] Entry
    [8/1/24 17:49:18:317 CEST] 000000b6 OidcUtil      >  getRandomNumber(size[130] Entry
    [8/1/24 17:49:18:317 CEST] 000000b6 OidcUtil      <  getRandomNumber() Exit
    [8/1/24 17:49:18:317 CEST] 000000b6 OidcUtil      >  digest(input[not null], useHash[false]) Entry
    [8/1/24 17:49:18:317 CEST] 000000b6 OidcUtil      >  digest(input[not null], algorithm[SHA-256], charset[UTF-8]) Entry
    [8/1/24 17:49:18:319 CEST] 000000b6 OidcUtil      <  digest returns [lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo=] Exit
    [8/1/24 17:49:18:319 CEST] 000000b6 OidcUtil      <  digest returns [lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo=] Exit
    [8/1/24 17:49:18:319 CEST] 000000b6 OidcUtil      >  removeTokenSeparators(inString[lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo=]) Entry
    [8/1/24 17:49:18:319 CEST] 000000b6 OidcUtil      <  removeTokenSeparators returns [lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo] Exit
    [8/1/24 17:49:18:319 CEST] 000000b6 OidcUtil      <  getNewRandom returns [lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo] Exit
    [8/1/24 17:49:18:319 CEST] 000000b6 SessionData   >  ==> new SessionData Oauth:_cacheIndex[lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo] Entry
    [8/1/24 17:49:18:319 CEST] 000000b6 SessionData   >  createData(dynaCacheEnabled[true], stateData[null], jsonString[{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}], rpConfig[not null], oauthPath[true]) Entry
    [8/1/24 17:49:18:319 CEST] 000000b6 SessionData   >  processJSON(JSONString[{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}],rpConfig[not null],initial[false]) Entry
    [8/1/24 17:49:18:319 CEST] 000000b6 JSONUtil      >  getJsonObject(data[{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}]) Entry
    [8/1/24 17:49:18:320 CEST] 000000b6 JSONUtil      <  getJsonObject returns JsonObject[{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}] Exit
    [8/1/24 17:49:18:320 CEST] 000000b6 JSONUtil      >  getOptionalJsonString(obj[com.google.gson.JsonObject],key[token_type],defaultValue[null]) Entry
    [8/1/24 17:49:18:320 CEST] 000000b6 JSONUtil      >  getOptionalStringClaim(obj[com.google.gson.JsonObject], claimName[token_type], defaultValue[null]) Entry
    [8/1/24 17:49:18:320 CEST] 000000b6 JSONUtil      >  getStringClaim(obj[com.google.gson.JsonObject], claimName[token_type], required[false]) Entry
    [8/1/24 17:49:18:320 CEST] 000000b6 JSONUtil      >  hasClaim(obj[com.google.gson.JsonObject], claimName[token_type], emitError[false]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  hasClaim returns [true] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  isStringClaim(obj[com.google.gson.JsonObject], claimName[token_type], emitError[true]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  hasClaim(obj[com.google.gson.JsonObject], claimName[token_type], emitError[false]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  hasClaim returns [true] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      3   hasClaim(obj,claimName) returns [true]
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  isStringClaim returns [true] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getStringClaim returns [Bearer]) Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getOptionalStringClaim returns [Bearer]) Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getOptionalJsonString(obj,key,defaultValue) returns [Bearer] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  getOptionalJsonString(obj[com.google.gson.JsonObject],key[refresh_token],defaultValue[null]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  getOptionalStringClaim(obj[com.google.gson.JsonObject], claimName[refresh_token], defaultValue[null]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  getStringClaim(obj[com.google.gson.JsonObject], claimName[refresh_token], required[false]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  hasClaim(obj[com.google.gson.JsonObject], claimName[refresh_token], emitError[false]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  hasClaim returns [false] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getStringClaim returns [null]) Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getOptionalStringClaim returns [null]) Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getOptionalJsonString(obj,key,defaultValue) returns [null] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  getOptionalJsonLong(jobj[com.google.gson.JsonObject],key[expires_in],defaultValue[0]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  getJsonValue(obj[com.google.gson.JsonObject],key[expires_in],required[false]) Entry
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getJsonValue returns [3599] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      <  getOptionalJsonLong returns [3599] Exit
    [8/1/24 17:49:18:321 CEST] 000000b6 RelyingPartyC 3   isAccessTokenRequired returns [true]
    [8/1/24 17:49:18:321 CEST] 000000b6 JSONUtil      >  getJsonValue(obj[com.google.gson.JsonObject],key[access_token],required[true]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getJsonValue returns ["xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"] Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  getOptionalJsonString(obj[com.google.gson.JsonObject],key[id_token],defaultValue[null]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  getOptionalStringClaim(obj[com.google.gson.JsonObject], claimName[id_token], defaultValue[null]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  getStringClaim(obj[com.google.gson.JsonObject], claimName[id_token], required[false]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  hasClaim(obj[com.google.gson.JsonObject], claimName[id_token], emitError[false]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  hasClaim returns [false] Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getStringClaim returns [null]) Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getOptionalStringClaim returns [null]) Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getOptionalJsonString(obj,key,defaultValue) returns [null] Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  getOptionalJsonString(obj[com.google.gson.JsonObject],key[scope],defaultValue[null]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  getOptionalStringClaim(obj[com.google.gson.JsonObject], claimName[scope], defaultValue[null]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  getStringClaim(obj[com.google.gson.JsonObject], claimName[scope], required[false]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  hasClaim(obj[com.google.gson.JsonObject], claimName[scope], emitError[false]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  hasClaim returns [false] Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getStringClaim returns [null]) Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getOptionalStringClaim returns [null]) Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      <  getOptionalJsonString(obj,key,defaultValue) returns [null] Exit
    [8/1/24 17:49:18:322 CEST] 000000b6 SessionData   >  setAccessToken(token [not null]) Entry
    [8/1/24 17:49:18:322 CEST] 000000b6 JSONUtil      >  decode(encInput[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]) Entry
    [8/1/24 17:49:18:323 CEST] 000000b6 JSONUtil      <  decode returns [{"typ":"JWT","nonce":"vFFadgLmEtjpdUET_WFSOKcCp6nQdCyHHKmpvval3S4","alg":"RS256","x5t":"MGLqj98VNLoXaFfpJCBpgB4JaKs","kid":"MGLqj98VNLoXaFfpJCBpgB4JaKs"}] Exit
    [8/1/24 17:49:18:323 CEST] 000000b6 JSONUtil      >  decode(encInput[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]) Entry
    [8/1/24 17:49:18:323 CEST] 000000b6 JSONUtil      <  decode returns [{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","iat":1722527058,"nbf":1722527058,"exp":1722530958,"aio":"E2dgYHhrcWqS8TXdF81aa05uu7qXBwA=","app_displayname":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appidacr":"1","idp":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","idtyp":"app","oid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","rh":"0.AS8Au-36JUD0FUOD7m97615z9wMAAAAAAAAAwAAAAAAAAAAvAAA.","sub":"946a71dd-b3ab-4dbc-8d99-25341c991455","tenant_region_scope":"EU","tid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","uti":"CaL-hR9VVkGTEP9IhHNzAA","ver":"1.0","wids":["0997a1d0-0d1d-4acb-b408-d5ca73121e90"],"xms_idrel":"2 7","xms_tcdt":1402063171,"xms_tdbr":"EU"}] Exit
    [8/1/24 17:49:18:323 CEST] 000000b6 SessionData   3   access token[header[{"typ":"JWT","nonce":"vFFadgLmEtjpdUET_WFSOKcCp6nQdCyHHKmpvval3S4","alg":"RS256","x5t":"MGLqj98VNLoXaFfpJCBpgB4JaKs","kid":"MGLqj98VNLoXaFfpJCBpgB4JaKs"}], claims[{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","iat":1722527058,"nbf":1722527058,"exp":1722530958,"aio":"E2dgYHhrcWqS8TXdF81aa05uu7qXBwA=","app_displayname":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appidacr":"1","idp":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","idtyp":"app","oid":"946a71dd-b3ab-4dbc-8d99-25341c991455","rh":"0.AS8Au-36JUD0FUOD7m97615z9wMAAAAAAAAAwAAAAAAAAAAvAAA.","sub":"946a71dd-b3ab-4dbc-8d99-25341c991455","tenant_region_scope":"EU","tid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","uti":"CaL-hR9VVkGTEP9IhHNzAA","ver":"1.0","wids":["0997a1d0-0d1d-4acb-b408-d5ca73121e90"],"xms_idrel":"2 7","xms_tcdt":1402063171,"xms_tdbr":"EU"}]]
    [8/1/24 17:49:18:323 CEST] 000000b6 SessionData   >  uncacheAsAccessToken Entry
    [8/1/24 17:49:18:323 CEST] 000000b6 SessionData   <  uncacheAsAccessToken Exit
    [8/1/24 17:49:18:323 CEST] 000000b6 RelyingPartyC 3   getAccessTokenIsJwt returns [false]
    [8/1/24 17:49:18:323 CEST] 000000b6 SessionData   >  cacheAsAccessToken(rpCofig[not null]) Entry
    [8/1/24 17:49:18:323 CEST] 000000b6 SessionData   <  cacheAsAccessToken Exit
    [8/1/24 17:49:18:323 CEST] 000000b6 SessionData   >  setUserInfo (rpConfig[not null]) Entry
    [8/1/24 17:49:18:323 CEST] 000000b6 RelyingPartyC 3   getUserinfoEndpointEnabled returns [false]
    [8/1/24 17:49:18:324 CEST] 000000b6 RelyingPartyC >  getUserinfoEndpoint(endpointEnabled[false]) Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 RelyingPartyC <  getUserinfoEndpoint returns [null] Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   3   getIdentityObject returns [null]
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  setUserInfo returns [null] Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  setAccessToken Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  setExpirationTime(rpConfig[not null]) Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 RelyingPartyC 3   getOverrideIdTokenExp returns [false]
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   3   idToken has no expiration time; defaulting to time to live to [7200] seconds.
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   3   _expirationTime[1722534558324]
    [8/1/24 17:49:18:324 CEST] 000000b6 OidcUtil      3   SessionData Expiration Time : 2024.08.01 AD at 19:49:18 CEST
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  setExpirationTime Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  processJSON Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  checkAcrValues(Object[null], rpConfig[not null]) Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  checkAcrValues Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  checkBasicStartAuthorization(Object[null], rpConfig[not null]) Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  checkBasicStartAuthorization Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  cacheMain Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  getRemainingTimeToLiveSecs Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  getExpirationTime() Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 OidcUtil      3   Expiration time : 2024.08.01 AD at 19:49:18 CEST
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  getExpirationTime returns [1722534558324] Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  getRemainingTimeToLiveSecs returns [7200] Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   3   Caching in DynaCache with lifetime/timetolive [7200]; -1 means the entry does not time out.
    [8/1/24 17:49:18:324 CEST] 000000b6 DynaCacheUtil 3   getCache() returns [not null]
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   3   getCacheIndex returns [lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo])
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   <  cacheMain Exit
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  cacheAsAccessToken(rpCofig[null]) Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 SessionData   >  getAccessToken Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 JSONUtil      >  decode(encInput[eyJ0eXAiOiJKV1QiLCJub25jZSI6InZGRmFkZ0xtRXRqcGRVRVRfV0ZTT0tjQ3A2blFkQ3lISEttcHZ2YWwzUzQiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1HTHFqOThWTkxvWGFGZnBKQ0JwZ0I0SmFLcyIsImtpZCI6Ik1HTHFqOThWTkxvWGFGZnBKQ0JwZ0I0SmFLcyJ9]) Entry
    [8/1/24 17:49:18:324 CEST] 000000b6 JSONUtil      <  decode returns [{"typ":"JWT","nonce":"vFFadgLmEtjpdUET_WFSOKcCp6nQdCyHHKmpvval3S4","alg":"RS256","x5t":"MGLqj98VNLoXaFfpJCBpgB4JaKs","kid":"MGLqj98VNLoXaFfpJCBpgB4JaKs"}] Exit
    [8/1/24 17:49:18:325 CEST] 000000b6 JSONUtil      >  decode(encInput[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]) Entry
    [8/1/24 17:49:18:325 CEST] 000000b6 JSONUtil      <  decode returns [{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","iat":1722527058,"nbf":1722527058,"exp":1722530958,"aio":"E2dgYHhrcWqS8TXdF81aa05uu7qXBwA=","app_displayname":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appidacr":"1","idp":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","idtyp":"app","oid":"946a71dd-b3ab-4dbc-8d99-25341c991455","rh":"0.AS8Au-36JUD0FUOD7m97615z9wMAAAAAAAAAwAAAAAAAAAAvAAA.","sub":"946a71dd-b3ab-4dbc-8d99-25341c991455","tenant_region_scope":"EU","tid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","uti":"CaL-hR9VVkGTEP9IhHNzAA","ver":"1.0","wids":["0997a1d0-0d1d-4acb-b408-d5ca73121e90"],"xms_idrel":"2 7","xms_tcdt":1402063171,"xms_tdbr":"EU"}] Exit
    [8/1/24 17:49:18:325 CEST] 000000b6 SessionData   3   access token[header[{"typ":"JWT","nonce":"vFFadgLmEtjpdUET_WFSOKcCp6nQdCyHHKmpvval3S4","alg":"RS256","x5t":"MGLqj98VNLoXaFfpJCBpgB4JaKs","kid":"MGLqj98VNLoXaFfpJCBpgB4JaKs"}], claims[{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","iat":1722527058,"nbf":1722527058,"exp":1722530958,"aio":"E2dgYHhrcWqS8TXdF81aa05uu7qXBwA=","app_displayname":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appidacr":"1","idp":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","idtyp":"app","oid":"946a71dd-b3ab-4dbc-8d99-25341c991455","rh":"0.AS8Au-36JUD0FUOD7m97615z9wMAAAAAAAAAwAAAAAAAAAAvAAA.","sub":"946a71dd-b3ab-4dbc-8d99-25341c991455","tenant_region_scope":"EU","tid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","uti":"CaL-hR9VVkGTEP9IhHNzAA","ver":"1.0","wids":["0997a1d0-0d1d-4acb-b408-d5ca73121e90"],"xms_idrel":"2 7","xms_tcdt":1402063171,"xms_tdbr":"EU"}]]
    [8/1/24 17:49:18:325 CEST] 000000b6 SessionData   <  getAccessToken returns OAuth token [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Exit
    [8/1/24 17:49:18:325 CEST] 000000b6 DynaCacheUtil 3   getCache() returns [not null]
    [8/1/24 17:49:18:325 CEST] 000000b6 SessionData   >  getAccessToken Entry
    [8/1/24 17:49:18:325 CEST] 000000b6 JSONUtil      >  decode(encInput[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]) Entry
    [8/1/24 17:49:18:325 CEST] 000000b6 JSONUtil      <  decode returns [{"typ":"JWT","nonce":"vFFadgLmEtjpdUET_WFSOKcCp6nQdCyHHKmpvval3S4","alg":"RS256","x5t":"MGLqj98VNLoXaFfpJCBpgB4JaKs","kid":"MGLqj98VNLoXaFfpJCBpgB4JaKs"}] Exit
    [8/1/24 17:49:18:325 CEST] 000000b6 JSONUtil      >  decode(encInput[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]) Entry
    [8/1/24 17:49:18:326 CEST] 000000b6 JSONUtil      <  decode returns [{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","iat":1722527058,"nbf":1722527058,"exp":1722530958,"aio":"E2dgYHhrcWqS8TXdF81aa05uu7qXBwA=","app_displayname":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appidacr":"1","idp":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","idtyp":"app","oid":"946a71dd-b3ab-4dbc-8d99-25341c991455","rh":"0.AS8Au-36JUD0FUOD7m97615z9wMAAAAAAAAAwAAAAAAAAAAvAAA.","sub":"946a71dd-b3ab-4dbc-8d99-25341c991455","tenant_region_scope":"EU","tid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","uti":"CaL-hR9VVkGTEP9IhHNzAA","ver":"1.0","wids":["0997a1d0-0d1d-4acb-b408-d5ca73121e90"],"xms_idrel":"2 7","xms_tcdt":1402063171,"xms_tdbr":"EU"}] Exit
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   3   access token[header[{"typ":"JWT","nonce":"vFFadgLmEtjpdUET_WFSOKcCp6nQdCyHHKmpvval3S4","alg":"RS256","x5t":"MGLqj98VNLoXaFfpJCBpgB4JaKs","kid":"MGLqj98VNLoXaFfpJCBpgB4JaKs"}], claims[{"aud":"https://graph.microsoft.com","iss":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","iat":1722527058,"nbf":1722527058,"exp":1722530958,"aio":"E2dgYHhrcWqS8TXdF81aa05uu7qXBwA=","app_displayname":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","appidacr":"1","idp":"https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxx/","idtyp":"app","oid":"946a71dd-b3ab-4dbc-8d99-25341c991455","rh":"0.AS8Au-36JUD0FUOD7m97615z9wMAAAAAAAAAwAAAAAAAAAAvAAA.","sub":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","tenant_region_scope":"EU","tid":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxx","uti":"CaL-hR9VVkGTEP9IhHNzAA","ver":"1.0","wids":["0997a1d0-0d1d-4acb-b408-d5ca73121e90"],"xms_idrel":"2 7","xms_tcdt":1402063171,"xms_tdbr":"EU"}]]
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   <  getAccessToken returns OAuth token [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Exit
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   3   getAccTokCacheAlias returns [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   3   getCacheIndex returns [lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo])
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   <  cacheAsAccessToken Exit
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   <  createData() stateId=[null], sessionCookieId:cacheIndex=[lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo] Exit
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionData   <  ==> new SessionData[com.ibm.ws.security.oidc.client.SessionData(isOauth=[true], cacheIndex=[lxXyDTnfKsjXKYt1zQCs6K8Tume9faTw9sRpJyF89jo], cfgIndex=[0], expirationTime=[1722534558324], accessTokenExpiresIn=[1722530957321], identityObject=[null], idToken=[null], idTokenEnc=[null], iAccessToken=[null], accessToken=[null], oauthAccessToken=[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx], refreshToken=[null], jwtClaims=[null], tokenType=[Bearer], scope=[null], userInfo=[null], iResponse=[null], basicAuthHeader=[null], verifiedJwt=[0], protectedUrl=[null], protectedUrlMethod=[null], parameterMap=[null], stateId=[null], dynamicCacheEnabled=[true])] Exit
    [8/1/24 17:49:18:326 CEST] 000000b6 SessionCache  <  createEntry returns [not null] Exit
    [8/1/24 17:49:18:327 CEST] 000000b6 OauthHelper   <  getOauthResponse returns [{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}] Exit
    [8/1/24 17:49:18:327 CEST] 000000b6 JSONUtil      >  getJsonObject(data[{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxx"}]) Entry
    [8/1/24 17:49:18:327 CEST] 000000b6 JSONUtil      <  getJsonObject returns JsonObject[{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}] Exit
    [8/1/24 17:49:18:327 CEST] 000000b6 JSONUtil      >  getJsonValue(obj[com.google.gson.JsonObject],key[access_token],required[true]) Entry
    [8/1/24 17:49:18:327 CEST] 000000b6 JSONUtil      <  getJsonValue returns ["xxxxxxxxxxxxxxxxxxxxxxxxxx"] Exit
    [8/1/24 17:49:18:327 CEST] 000000b6 OauthHelper   <  getClientCredentialsGrantAccessToken returns [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Exit
    [8/1/24 17:49:18:343 CEST] 000000b6 EJSWebCollabo >  postInvoke Entry
                                     com.ibm.ws.security.web.WebSecurityContext@1f92537
    [8/1/24 17:49:18:343 CEST] 000000b6 EJSWebCollabo 3   Resetting invoked: null and received: nullsubjects
    [8/1/24 17:49:18:343 CEST] 000000b6 WebSecurityCo 3   Getting pushed security value "true" for: com.ibm.ws.security.web.WebSecurityContext@1f92537
    [8/1/24 17:49:18:343 CEST] 000000b6 EJSWebCollabo 3   postInvoke popped resource oss-api-ear of type Application
    [8/1/24 17:49:18:343 CEST] 000000b6 EJSWebCollabo <  postInvoke Exit
    [8/1/24 17:49:18:343 CEST] 000000b6 EJSWebCollabo >  postInvoke Entry
                                     <null>
    [8/1/24 17:49:18:343 CEST] 000000b6 EJSWebCollabo <  postInvoke Exit
    [8/1/24 18:11:40:170 CEST] 000000d9 ThreadPool    1   Exanding buffer of ThreadPool sonOutThreadPool by 5



    ------------------------------
    Petre Petreski
    ------------------------------



  • 10.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Thu August 01, 2024 03:53 PM

    Hi Petre,

    As I said earlier, just obtaining the OAuth token does not create the LTPA cookie.  The helper APIs are just convenience methods that do not prompt the TAI to login (and thus create cookies).  The LTPA cookie is created when you login to your Spring Boot application that is protected by the TAI. This is the config entry that needs provider_(id).setLtpaCookie=true

    If your Spring Boot application is no longer protected by the TAI, then you'll need to protect getCaseList with the TAI, then send the OAuth token that you received on the Authorization header of the HTTP request.



    ------------------------------
    Barbara Jensen
    ------------------------------



  • 11.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Fri August 02, 2024 03:23 AM

    Hello Barbara,

    Thank you very much for your swift reply.

    Having the above in mind, what are the possible options? How can I generate LtpaToken2 by providing a username and password programmatically, like when the login is form based? Is it possible at all, or is the only way to simulate a browser (form login) and handle the Microsoft login page etc.? I need the LtpaToken2 cookie because I want to consume a resource (endpoint) from the other Spring Boot application deployed on the same WebSphere. It requires an LTPA cookie. LTPA is being shared between the two clusters.

    Thank you!



    ------------------------------
    Petre Petreski
    ------------------------------



  • 12.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Fri August 02, 2024 11:05 AM
    Edited by Petre Petreski Sun August 04, 2024 01:02 PM

    Hello Barbara,

    What kind of configuration should be done in the OIDC TAI in order to authenticate by bearer token?

    I tried to access the protected URL /ossapi/entry by providing a BEARER token in the headers, but it seems that the filter in the TAI intercepts the request. However, it seems that it is not authorized, and most probably this is the reason that it does not create the LTPA. First of all, I need to make sure that I am able to authenticate by BEARER token. How can I prove it?

    Please find the trace log (trace_TAI.log) as an attachment.

    Thank you very much for your help!



    ------------------------------
    Petre Petreski
    ------------------------------

    Attachment(s)

    log
    trace_TAI.log   108 KB 1 version


  • 13.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Mon August 05, 2024 10:28 AM
    Edited by Barbara Jensen Mon August 05, 2024 10:41 AM

    Hi Petre,

    I see your Bearer token coming in. However, you have no introspection endpoint, so the token was not sent out for introspection. The trace is not complete, so I cannot see the discovery output. Did you configure the discovery endpoint for this config, or did you configure the endpoints separately? If you hit the discovery endpoint in a browser, is there an introspection endpoint listed?

    Edit: I just hit the MS Azure common discovery endpoint, https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration, and there is no introspection endpoint. Investigating.

    Edit2: There is no introspection endpoint in Azure.  I don't understand why they would issue tokens if you can't verify them.  However, they say that you can locally verify JWTs.  I can't tell if your token is a JWT because you deleted it.  Is it?  If so, follow these instructions:

    Configuring authentication with JSON Web Tokens (JWT)


    ------------------------------
    Barbara Jensen
    ------------------------------



  • 14.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed August 07, 2024 09:12 AM

    Hi Barbara,

    Yes, you are right, there is no such introspection endpoint in the discovery EP.

    I configured the TAI using  the following properties:

    Are they correct? Do you think that something is missing here? Because I cannot authenticate and there are no errors in the log. I am not sure that it tries to use the TAI. With the clientHelper API I can verify it and it works fine, but the goal here is to authenticate by JWT token and I believe it will create ltpa2 :)

    Thank you!



    ------------------------------
    Petre Petreski
    ------------------------------



  • 15.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed August 07, 2024 09:53 AM

    Hi Barbara,

    I managed to get a log. Attaching it.



    ------------------------------
    Petre Petreski
    ------------------------------

    Attachment(s)

    txt
    trace_log_token_auth.txt   89 KB 1 version


  • 16.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted Wed August 07, 2024 01:24 PM
    Edited by Barbara Jensen 30 days ago

    Hi Petre,

    It appears that, instead of sending the JWT in a request, you verified the JWT with an API.  There is nothing that you can do with an OIDC API that will create an LTPA cookie.  You must perform an OIDC login to get an LTPA cookie via OIDC.

    You can, however, create the LTPA cookie yourself.  You'd have to do a JAAS login.  This is what you do:

    1. Obtain the JWT
    2. Validate the JWT
    3. Get the subject from the JWT (you use getJwtClaimsAsMap, then pull the sub claim from the map) 
    4. Create a new Java Subject
    5. Call com.ibm.websphere.security.oidc.util.OauthClientHelper.createHashtableForJaasLogin
    6. In the hashtable, add WSCREDENTIAL_SECURITYNAME with the value set to the subject of the JWT
    7. Make sure setLtpaCookie=true in the hashtable
    8. Add the hashtable to the private creds of the Subject
    9. Login with that Subject and the WEB_INBOUND JAAS config.

    Edit: Instead of obtaining the subject from the JWT yourself, I think that if you set provider_(id).userInfoEndpointEnabled=true (or don't set it to false; the default is true) the userinfo endpoint is invoked to get the right subject name for you and it is populated in the hashmap. 

    ------------------------------
    Barbara Jensen
    ------------------------------



  • 17.  RE: Authenticate using OIDC TAI programmatically - No redirection

    Posted 23 days ago
    Edited by Petre Petreski 23 days ago

    Hello Barbara,

    Finally, I managed to obtain the LtpaToken2 cookie. I had to create a new Azure app registration called 'exposed app' with a custom scope. The previous app I was testing with used the 'https://graph.microsoft.com/.default' scope, which generated only a v1 token that could not be verified. Once I used the correct app, I was able to generate a v2 token and configure the TAI. Here is the working configuration:

    Thank you very much for your support!



    ------------------------------
    Petre Petreski
    ------------------------------
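
Post 13 asks whether the bearer token is a JWT that can be verified locally, and post 17 traces the failure to a v1 token issued for the Graph scope. The triage script below is an added example, not code from any poster or from IBM: it decodes a token's header and claims without checking the signature and lists the properties that keep a relying party from accepting it. `EXPECTED_AUD`, the function names and both sample tokens are constructed placeholders.

```python
import base64
import json
import time

EXPECTED_AUD = "EXPOSED-APP-CLIENT-ID-PLACEHOLDER"  # assumption: your API's audience

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    obj = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def triage_token(token, expected_aud, now=None):
    """Return (header, claims, findings) for a compact JWT; no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, None, ["not a compact JWT (expected 3 dot-separated parts)"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None, None, ["header or payload is not base64url-encoded JSON"]
    now = time.time() if now is None else now
    findings = []
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        findings.append(f"aud {aud!r} is not this API ({expected_aud!r})")
    if claims.get("ver") != "2.0":
        findings.append(f"ver is {claims.get('ver')!r}, not a v2 token")
    if "nonce" in header:
        findings.append("header carries a nonce, as the Graph token in the trace does")
    if claims.get("idtyp") == "app":
        findings.append("idtyp=app: token represents the application, not a user")
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, (int, float)) or exp <= now:
        findings.append("exp missing or in the past")
    if isinstance(nbf, (int, float)) and nbf > now:
        findings.append("nbf is in the future")
    return header, claims, findings

def sample_token(header, claims):
    """Build a constructed, unsigned sample token (signature is a placeholder)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), "c2lnbmF0dXJl"])

# Constructed samples: the first mirrors the claim shape seen in the trace.
GRAPH_V1 = sample_token(
    {"typ": "JWT", "alg": "RS256", "nonce": "constructed", "kid": "constructed"},
    {"aud": "https://graph.microsoft.com", "ver": "1.0", "idtyp": "app",
     "iss": "https://sts.windows.net/TENANT-PLACEHOLDER/",
     "nbf": 1722527058, "exp": 1722530958})
API_V2 = sample_token(
    {"typ": "JWT", "alg": "RS256", "kid": "constructed"},
    {"aud": EXPECTED_AUD, "ver": "2.0",
     "iss": "https://login.microsoftonline.com/TENANT-PLACEHOLDER/v2.0",
     "nbf": 1722527058, "exp": 1722530958})

if __name__ == "__main__":
    for name, tok in (("graph v1", GRAPH_V1), ("api v2", API_V2)):
        findings = triage_token(tok, EXPECTED_AUD, now=1722527100)[2]
        print(name, findings or ["no findings; signature still must be verified"])
```

An empty findings list only means the claims have the expected shape; the signature must still be validated against the issuer's published keys before the token is trusted.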