-
Notifications
You must be signed in to change notification settings - Fork 344
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Session Id claim is missing from identity token #1156
Comments
This looks like a bug. It appears that when the CheckSession endpoint is disabled, the sid claim is not included in the token. Originally, the sid was only used with the CheckSession endpoint, but now it is used in more places - such as backchannel logout. We will investigate this a bit more and hope to get a patch release soon. |
Oh interesting find. I will take a look at that. I tried upgrading to 6.2.2 just in case, but no luck. Thanks for digging into it. Re-examining my duende config I saw my notes: We have a first-party set of web applications on disjoint root domains, so we can't make use of any front-channel, 3rd party cookies. |
Can confirm that re-enabling the endpoint resolves the issue. We'll just do that until a fix. Thanks for your help @josephdecock |
@Cephei -- can you upgrade to 6.2.x for a patch, or do you need to stay on 6.1.x? |
We can update. I'd like to do that anyway to stay as current as possible. |
Ok, great! @josephdecock --- we only need to patch 6.2.x then, and merge forward. thanks all! |
6.2.3 was just released with this fix. Thanks all! |
We are using IS version 6.1.7 with server-side sessions enabled. Our product teams are looking to start implementing single-logout using backchannel, but I noticed our identity tokens do not contain the
sid
session identifier claim. I briefly checked the documentation and reviewed the IS code, but may have missed something. Is there an easy way to enable this claim to be issued? I see it would be filtered out by the custom profile service.The text was updated successfully, but these errors were encountered: