So we actually managed to fix this issue. The userinfo endpoint from Microsoft does not return any claims aside from sub, which is really just garbage.
We created a site to pass the access token to that decodes and returns the claims in the access token. OpenMeetings OAuth2 needs a redesign that will allow us to pick if we want to use a userinfo endpoint or just use an ID token returned from the token endpoint. I'd be happy to provide more data for this upgrade if needed and any guidance you might need, but this would allow Microsoft ADFS users to integrate a lot easier.

On Fri, Jul 30, 2021, 23:29 Maxim Solodovnik <solomax...@gmail.com> wrote:

> Hello Jeffry,
>
> I have commented
> https://issues.apache.org/jira/projects/OPENMEETINGS/issues/OPENMEETINGS-2633
> 4 days ago
> (no answer)
>
> Unfortunately I understand nothing from your email :(
> I'm not a native English speaker, so please try to provide more details :)
>
> On Fri, 30 Jul 2021 at 23:14, Jeffry Johnson <jeffry.s.john...@gmail.com>
> wrote:
>
>> We are trying to get ADFS to work with our instance of OM. See
>> https://issues.apache.org/jira/projects/OPENMEETINGS/issues/OPENMEETINGS-2633
>> for the bug reported by one of our developers. I am getting successful token
>> responses, but I need to know how to map OM attributes to claims from the
>> response. Such as:
>>
>> c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname",
>>    Issuer == "AD AUTHORITY"]
>>  => issue(store = "Active Directory",
>>           types = ("http://schemas.xmlsoap.org/claims/FirstName",
>>                    "http://schemas.xmlsoap.org/claims/LastName",
>>                    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
>>                    "http://schemas.xmlsoap.org/claims/EmployeeID",
>>                    "http://schemas.xmlsoap.org/claims/ManagerEmail",
>>                    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
>>           query = ";givenName,sn,mail,employeeID,managerEmail,sAMAccountName;{0}",
>>           param = c.Value);
>>
>> Please help!
>>
>
>
> --
> Best regards,
> Maxim
>
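An added example, not part of the original thread and not OpenMeetings code: reading the claims out of the token itself, as the reply at the top describes, and mapping the claim URIs from the quoted issuance rule to profile fields. The profile field names, issuer, audience and sample token are constructed assumptions, and the signature is not verified here, so a login path must first validate the token against the ADFS signing keys with a JOSE library.

```python
import base64
import json
import time

WS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
XS = "http://schemas.xmlsoap.org/claims/"
# Claim URIs come from the ADFS issuance rule quoted in the thread; the
# profile field names on the right are hypothetical.
CLAIM_MAP = {WS + "nameidentifier": "login", WS + "emailaddress": "email",
             XS + "FirstName": "firstname", XS + "LastName": "lastname"}

# Constructed sample payload (issuer, audience and user are made up);
# LastName is left out on purpose to show a missing-claim report.
SAMPLE = {
    "iss": "http://adfs.example.test/adfs/services/trust",
    "aud": "om-client", "sub": "opaque-subject-id", "exp": 2000000000,
    WS + "nameidentifier": "jdoe", WS + "emailaddress": "jdoe@example.test",
    XS + "FirstName": "Jane",
}

def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped; restore it.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def read_claims(jwt):
    """Decode the payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))

def map_profile(claims, issuer, audience, now=None):
    """Check iss/aud/exp, then return (profile, missing profile fields)."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("unexpected audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    profile = {f: claims[uri] for uri, f in CLAIM_MAP.items() if uri in claims}
    missing = sorted(set(CLAIM_MAP.values()) - set(profile))
    return profile, missing

def make_sample(payload):
    # Builds a constructed token with a dummy signature, for the demo only.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"RS256","typ":"JWT"}'),
                     enc(json.dumps(payload).encode()), enc(b"sig")])
```

The `missing` list shows which mapped attributes the token did not carry, which is the quickest way to tell whether the issuance rule or the client-side mapping needs changing.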