idbind / identity-binder

Service for binding identities across multiple identity providers for the same user.

use fixed version of mitreid-connect library #48

Closed wikkim closed 8 years ago

wikkim commented 8 years ago

Currently it is 1.2.0-SNAPSHOT. We should be using a fixed version so we can get it from the Maven repository.

wikkim commented 8 years ago

Release version of 1.2.0 has some breaking changes. Relevant upstream change for reference: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/commit/7df3597757f59b959c113978f9d3b5b5b21e034a

wikkim commented 8 years ago

After updating our code to address the new PendingOIDCAuthenticationToken class, no more compile errors, but getting a runtime issue as follows:

After selecting an OpenID Provider, and logging into the OP, the WebfingerIssuer service gets a null identifier on the way back into the IdBS. This causes a redirect back to the login page with no authentication or actual log-in for our application.

@jricher any ideas on recent changes that might have affected this? I looked through the history of changes on the WebfingerIssuer, but nothing jumped out at me right away.

jricher commented 8 years ago

No ideas without a log or trace.

wikkim commented 8 years ago

Verified commit f4a1b27e2e53361aac69481d5ed61e825ba6db47 (1.2.0-SNAPSHOT) of mitreid-connect works with current IdBS code after setting the "forceHttps" flag to false. Need to find out what happened since then that breaks our login.

wikkim commented 8 years ago

b4520c170ed0b080e75c926010f9a93e01cbc185 is last working commit with IdBS. Something in 7df3597757f59b959c113978f9d3b5b5b21e034a when PendingOIDCAuthenticationToken was introduced is the issue.

wikkim commented 8 years ago

facepalm Needed to add the new PendingOIDCAuthenticationToken to the supported authentication types for our MultipleIdentityAuthenticationProvider. Example:

```java
public boolean supports(Class<?> authentication) {
    return MultipleIdentityAuthentication.class.isAssignableFrom(authentication)
            || OIDCAuthenticationToken.class.isAssignableFrom(authentication)
            || PendingOIDCAuthenticationToken.class.isAssignableFrom(authentication);
}
```

wikkim commented 8 years ago

addressed by eb4bf72da529a4a6803359c77518508bc7804156
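
The `supports()` fix above, as an added example that is not part of the original thread or of the IdBS or mitreid-connect code: a small model of how Spring Security's `ProviderManager` consults `supports()` before trying a provider, so a token class missing from that check is skipped without any error from the provider itself. The token classes here are empty stand-ins that reuse the names from the thread, and treating them as unrelated types is an assumption.

```java
import java.util.List;

// Stand-in types (hypothetical; not the real Spring Security or mitreid-connect classes).
public class SupportsDispatchDemo {
    static class OIDCAuthenticationToken {}
    static class PendingOIDCAuthenticationToken {} // assumed unrelated to the class above

    interface Provider {
        boolean supports(Class<?> authentication);
        String authenticate(Object token);
    }

    // Models the ProviderManager rule: a provider is tried only if supports()
    // accepts the token's class. The real ProviderManager throws
    // ProviderNotFoundException when no provider accepts; this model returns a marker.
    static String dispatch(List<Provider> providers, Object token) {
        for (Provider p : providers) {
            if (p.supports(token.getClass())) {
                return p.authenticate(token);
            }
        }
        return "NO_PROVIDER " + token.getClass().getSimpleName();
    }

    // Builds a provider whose supports() accepts the listed token classes.
    static Provider provider(List<Class<?>> accepted) {
        return new Provider() {
            public boolean supports(Class<?> authentication) {
                return accepted.stream().anyMatch(c -> c.isAssignableFrom(authentication));
            }
            public String authenticate(Object token) {
                return "AUTHENTICATED " + token.getClass().getSimpleName();
            }
        };
    }

    public static void main(String[] args) {
        Provider before = provider(List.of(OIDCAuthenticationToken.class));
        Provider after = provider(List.of(OIDCAuthenticationToken.class,
                                          PendingOIDCAuthenticationToken.class));
        Object pending = new PendingOIDCAuthenticationToken();

        // Before the fix the pending token reaches no provider.
        System.out.println(dispatch(List.of(before), pending));
        // After the fix the same token is handled.
        System.out.println(dispatch(List.of(after), pending));
    }
}
```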