OpenID Connect id_token JWT Payload: Include User Password


SecureAuth IdP Version affected: 9.0+

Description: 

It is not recommended to send a user's password via a bearer token. However, in certain scenarios, the OIDC client requires the user's password for legacy delegation purposes.

Resolution: 

1. Configure the realm to send the user password in the send token.

2. Create a custom OIDC claim under Post Authentication. (Leave the property unmapped.)

3. Modify the web.config to send the password in the custom claim. 31 is the value for password. This will not be displayed in the UI.
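When the id_token is a signed JWT (three dot-separated segments) rather than an encrypted one, its payload is only base64url-encoded JSON, so any party that holds the token can read the password claim without a key. The following check is an added example, not SecureAuth code: it lists the non-protocol claims in a token and flags those whose names suggest a credential, which is useful for confirming that only the intended client's tokens carry the claim. The claim name `legacy_pwd`, the hint list and the sample token are assumptions constructed for the example.

```python
import base64
import json

# Claims an id_token carries for protocol purposes (assumed list for this example).
PROTOCOL_CLAIMS = {"iss", "sub", "aud", "exp", "iat", "nbf", "jti", "auth_time",
                   "nonce", "acr", "amr", "azp", "at_hash", "c_hash"}
# Assumed name fragments that suggest a credential-bearing claim.
SECRET_HINTS = ("pass", "pwd", "secret", "credential")


def b64url_decode(segment: str) -> bytes:
    """Decode base64url text whose '=' padding has been stripped."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def audit_id_token(token: str) -> dict:
    """Report extra claims in a token and those that look like secrets."""
    parts = token.split(".")
    if len(parts) == 5:
        # JWE compact form: the payload is encrypted and cannot be read here.
        return {"format": "JWE", "extra": [], "suspect": []}
    if len(parts) != 3:
        raise ValueError("not a compact JWS or JWE token")
    payload = json.loads(b64url_decode(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    extra = sorted(k for k in payload if k not in PROTOCOL_CLAIMS)
    suspect = [k for k in extra if any(h in k.lower() for h in SECRET_HINTS)]
    return {"format": "JWS", "extra": extra, "suspect": suspect}


def make_sample_token() -> str:
    """Constructed token; 'legacy_pwd' is a hypothetical custom claim name."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"iss": "https://idp.example.test", "sub": "jdoe",
               "aud": "legacy-client", "exp": 1700003600, "iat": 1700000000,
               "legacy_pwd": "constructed-sample-value"}
    head, body = (b64url_encode(json.dumps(o).encode()) for o in (header, payload))
    return f"{head}.{body}.{b64url_encode(b'placeholder-signature')}"


if __name__ == "__main__":
    print(audit_id_token(make_sample_token()))
```

The check reads the payload without verifying the signature, which is exactly what anyone who captures or logs the token can do.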
