OIDC field Sub in ID Token does not match Sub in UserInfo on RH-SSO with Active Directory User Federation
Issue
- The "sub" in the token doesn't match the value in in the userinfo result.
- Map ObjectGUID to
sub
Environment
- Red Hat Single Sign-On (RH-SSO) 7.3
- Microsoft Active Directory Lightweight Directory Service (AD LDS)
- "sub" overridden via client mapper
- OpenID Connect Authentication
- Accessing /auth/realms/{realm}/protocol/openid-connect/userinfo
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.