WebSphere Liberty openIdConnectClient - Azure - 403 Forbidden

Question

Problem: Access to the sample Liberty application testpage is redirected to Azure and the user authentication is successful (verified via fiddler trace). However, authorization fails with Error 403: error=access_denied

The WAS-Liberty profile (17.0.0.1) openConnectClient has been configured to use Azure for authorization.

There is a WebSphere APAR PI52604 which describes a similar issue and adds a parameter encodeParameters=true. PI52604: OPENID CONNECT SSO WITH ACTIVE DIRECTORY FAILS WITH 403 FORBIDDEN http://www-01.ibm.com/support/docview.wss?uid=swg1PI52604

Question: Is there a similar fix for WAS-Liberty (17.0.0.1) that adds the parameter encodeParameters=true?

score 0 · Answer 1 · answered Jul 14 '17 at 16:28

0

There's no equivalent property in Liberty at present. If you're in a position to open a PMR with IBM, that would be the best way to get this addressed.

answered Jul 14 '17 at 16:28

Bruce T.

992
4
5

WebSphere Liberty openIdConnectClient - Azure - 403 Forbidden

1 Answers1