WebSphere Application Server & Liberty

 View Only
  • 1.  Different Context Root for OpenID Relying Party Application WebSphereOIDCRP

    Posted Wed August 31, 2022 09:52 AM
    Hello IBM Folks,

    is it possible to define a different context root for the OpenID relying party application WebSphereOIDCRP? I tried to change the context root of the application with the WebSphere admin console to "/customerRoot/oidcclient" but this doesn't affect the redirect_uri passed to the authorize endpoint. The redirect_uri contains only "/oidcclient". So the RP is not found, when the Browser is redirected to this URI. I restarted WebSphere after I changed the context root!

    The issue behind this question is, that we have a Web ApplicationFirewall (WAF) at customer site, which is configured to block any URI except URIs with the context root "/customerRoot/*".

    Kind regards
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------


  • 2.  RE: Different Context Root for OpenID Relying Party Application WebSphereOIDCRP

    Posted Wed August 31, 2022 10:11 AM
    Hi Thomas,

    If you've set a context root on your OIDC EAR that is not the default value of /oidcclient, you set the new context root on the callbackServletContext (not qualified) OIDC TAI custom property.

    ------------------------------
    Barbara Jensen
    ------------------------------



  • 3.  RE: Different Context Root for OpenID Relying Party Application WebSphereOIDCRP

    Posted Wed August 31, 2022 10:49 AM
    Hi Barbara,

    thank you, that's it! I've overseen this parameter.

    Kind regards
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------



  • 4.  RE: Different Context Root for OpenID Relying Party Application WebSphereOIDCRP

    Posted Mon September 05, 2022 05:47 AM
    Hi Barbara,

    do you have an idea for this issue, too: https://community.ibm.com/community/user/wasdevops/discussion/openid-relying-party-interceptor-with-interceptedpathfilter-containing-uri-schema-und-authority

    This is still a problem for us we hav to solve.

    Kind regards
    Thomas

    ------------------------------
    Thomas Mayr
    ------------------------------