OIDC response from userinfo endpoint is not consistent when retrieving user data
### Affected version

- Version: %2.17.1
- Platform: All

### Summary

Configuration:

- Always Send Exported Attributes = OFF
- Only Allow Declared Scopes = ON
- Scope: `test=codeUnite,employeeType,unite`

Steps:

1. Auth to portal/oauth2 >> OK (to obtain a session ID)
2. Retrieve from portal/oauth2/authorize >> OK (to obtain an authorization code)
3. Obtain tokens from portal/oauth2/token >> OK (to obtain an access token)
4. Retrieve user info from portal/oauth2/userinfo with the access token >> NOK

Sometimes:

```
{ "codeUnite" : "67658", "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)", "email" : "adam.sores@gendarmerie.interieur.gouv.fr", "employeeType" : "APPRENTI TECH", "grade" : "APPR TECH", "nigend" : "480625", "nom" : "SORES", "postalCode" : "92130", "prenom" : "Adam", "responsabilite" : "E", "sub" : "adam.sores", "unite" : "SCT BCOF STSISI" }
```

and sometimes:

```
{ "sub" : "adam.sores" }
```

The portal response is not consistent.

### Logs
Client LOGS :
```
adam.sores@dgn092st014467:~$ for i in {1..1000} ; do curl -s -H 'Authorization: Bearer a896d64f0dc3f424384ea6c57827ea1441ab3858a05c356964e90b3f041d93ca' 'https://auth.dvsso.gendarmerie.fr/oauth2/userinfo' | json_pp ;sleep 1; done
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "sub" : "adam.sores"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "sub" : "adam.sores"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "sub" : "adam.sores"
}
{
   "sub" : "adam.sores"
}
{
   "sub" : "adam.sores"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
{
   "sub" : "adam.sores"
}
{
   "codeUnite" : "67658",
   "displayname" : "SORES Adam APPR TECH (SCT BCOF STSISI)",
   "email" : "adam.sores@gendarmerie.interieur.gouv.fr",
   "employeeType" : "APPRENTI TECH",
   "grade" : "APPR TECH",
   "nigend" : "480625",
   "nom" : "SORES",
   "postalCode" : "92130",
   "prenom" : "Adam",
   "responsabilite" : "E",
   "sub" : "adam.sores",
   "unite" : "SCT BCOF STSISI"
}
```
******************************************
Portal LOGS :
```
2023-11-02T12:09:19+01:00 [debug] Redirect ************* to portal (url was /oauth2/userinfo)
2023-11-02T12:09:19+01:00 [debug] User not authenticated, Try in use, cancel redirection
2023-11-02T12:09:19+01:00 [debug] Start routing oauth2
2023-11-02T12:09:19+01:00 [debug] URL detected as an OpenID Connect USERINFO URL
2023-11-02T12:09:19+01:00 [debug] Bearer access token
2023-11-02T12:09:19+01:00 [debug] Received Access Token a896d64f0dc3f424384ea6c57827ea1441ab3858a05c356964e90b3f041d93ca
2023-11-02T12:09:19+01:00 [debug] Try to get SSO session b2609ec568fd9579a0f75dc7bc6778022c9c830f5f6dd691ba45b361e6649370
2023-11-02T12:09:19+01:00 [debug] Get session b2609ec568fd9579a0f75dc7bc6778022c9c830f5f6dd691ba45b361e6649370 from Portal::Main::Run
2023-11-02T12:09:19+01:00 [debug] Return SSO session b2609ec568fd9579a0f75dc7bc6778022c9c830f5f6dd691ba45b361e6649370
2023-11-02T12:09:19+01:00 [debug] Found corresponding user: adam.sores
2023-11-02T12:09:19+01:00 [debug] Calling hook oidcGenerateUserInfoResponse
2023-11-02T12:09:19+01:00 [debug] Apply following CORS policy:
2023-11-02T12:09:19+01:00 [debug] Access-Control-Allow-Origin
2023-11-02T12:09:19+01:00 [debug] *
--
2023-11-02T12:09:20+01:00 [debug] Redirect ************ to portal (url was /oauth2/userinfo)
2023-11-02T12:09:20+01:00 [debug] User not authenticated, Try in use, cancel redirection
2023-11-02T12:09:20+01:00 [debug] Start routing oauth2
2023-11-02T12:09:20+01:00 [debug] URL detected as an OpenID Connect USERINFO URL
2023-11-02T12:09:20+01:00 [debug] Bearer access token
2023-11-02T12:09:20+01:00 [debug] Received Access Token a896d64f0dc3f424384ea6c57827ea1441ab3858a05c356964e90b3f041d93ca
2023-11-02T12:09:20+01:00 [debug] Try to get SSO session b2609ec568fd9579a0f75dc7bc6778022c9c830f5f6dd691ba45b361e6649370
2023-11-02T12:09:20+01:00 [debug] Get session b2609ec568fd9579a0f75dc7bc6778022c9c830f5f6dd691ba45b361e6649370 from Portal::Main::Run
2023-11-02T12:09:20+01:00 [debug] Return SSO session b2609ec568fd9579a0f75dc7bc6778022c9c830f5f6dd691ba45b361e6649370
2023-11-02T12:09:20+01:00 [debug] Found corresponding user: adam.sores
2023-11-02T12:09:20+01:00 [debug] Calling hook oidcGenerateUserInfoResponse
2023-11-02T12:09:20+01:00 [debug] Apply following CORS policy:
2023-11-02T12:09:20+01:00 [debug] Access-Control-Allow-Origin
2023-11-02T12:09:20+01:00 [debug] *
--
```
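
A relying-party-side check for the behaviour reported above, as an added example that is not part of the original report or of the portal's code: it groups userinfo responses by the set of claim names they carry and rejects any response missing a claim declared for the granted scope. The sample responses are constructed, and it assumes the access token was granted the `test` scope.

```python
import json
from collections import Counter

# Claims declared for scope "test" in the report's configuration
# (Scope : test=codeUnite,employeeType,unite).
SCOPE_CLAIMS = {"test": {"codeUnite", "employeeType", "unite"}}

# Constructed sample responses (placeholder values) in the two shapes reported.
FULL = ('{"codeUnite": "00000", "employeeType": "EXAMPLE", '
        '"sub": "user.example", "unite": "EXAMPLE UNIT"}')
SUB_ONLY = '{"sub": "user.example"}'
SAMPLE = [FULL, FULL, SUB_ONLY, FULL, SUB_ONLY]


def missing_claims(userinfo, granted_scopes):
    """Return the declared claims that one userinfo response lacks."""
    expected = {"sub"}
    for scope in granted_scopes:
        expected |= SCOPE_CLAIMS.get(scope, set())
    return expected - set(userinfo)


def summarize(raw_responses, granted_scopes):
    """Count distinct claim-name sets and list indexes of incomplete responses."""
    shapes = Counter()
    incomplete = []
    for index, raw in enumerate(raw_responses):
        info = json.loads(raw)
        shapes[frozenset(info)] += 1
        if missing_claims(info, granted_scopes):
            incomplete.append(index)
    return shapes, incomplete


def require_claims(userinfo, granted_scopes):
    """Fail closed: refuse a response that lacks a declared claim."""
    missing = missing_claims(userinfo, granted_scopes)
    if missing:
        raise ValueError("userinfo incomplete, missing: " + ", ".join(sorted(missing)))
    return userinfo


if __name__ == "__main__":
    shapes, incomplete = summarize(SAMPLE, ["test"])
    print(len(shapes), "distinct response shapes; incomplete at", incomplete)
```

A relying party that maps claims such as `employeeType` or `unite` to roles can call `require_claims` before provisioning, so a `sub`-only response is retried or rejected instead of creating a session with empty attributes.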