The customer is using Azure AD with OpenID Connect, which is built on the OAuth 2 protocol. Their OpenID “name” field is configured to hold the user’s name, but in APS the “name” field is configured to use an email address. The APS method checkForTokenHeader, in Oauth2RequestHeaderService.java, expects the value of “name” to be an email address, so the customer's login to APS fails. The customer is requesting an improvement so that checkForTokenHeader can use “email” instead of “name”.
The customer is unable to change the configuration in their Azure OpenID client to put an email value in the “name” field because it is a global setting and affects other clients.
Current Behavior: The APS method checkForTokenHeader in Oauth2RequestHeaderService.java uses “name” for the authentication process.
Desired Behavior: The APS method checkForTokenHeader in Oauth2RequestHeaderService.java uses “email” for the authentication process.
The customer is also requesting that a temporary solution, like an override class, be provided while the improvement Jira is being considered.
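The mismatch described above, as an added Java sketch that is not APS code and not the requested override class: ClaimUserLookup, its fields and the sample claims are hypothetical, and the token is assumed to have had its signature, issuer and audience validated already. It shows the same token failing to resolve a user when the lookup reads “name” and succeeding when it reads “email”.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;

// Added illustration; hypothetical class, not APS code and not an APS override class.
public class ClaimUserLookup {
    private final String userIdClaim;     // claim to read the user ID from, e.g. "name" or "email"
    private final Set<String> knownUsers; // stand-in for the APS user store, keyed by email address

    public ClaimUserLookup(String userIdClaim, Set<String> knownUsers) {
        this.userIdClaim = userIdClaim;
        this.knownUsers = knownUsers;
    }

    // claims: payload of a token whose signature, issuer and audience
    // have already been validated elsewhere (assumed here).
    public Optional<String> resolveUser(Map<String, Object> claims) {
        Object value = claims.get(userIdClaim);
        if (!(value instanceof String)) {
            return Optional.empty();      // claim missing or not a string: fail closed
        }
        String candidate = ((String) value).trim();
        // No fallback to another claim: only the configured claim may identify the user.
        return knownUsers.contains(candidate) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) {
        Set<String> users = Set.of("jane.doe@example.com");   // constructed user store
        Map<String, Object> claims = Map.of(                  // constructed token claims
                "name", "Jane Doe",
                "email", "jane.doe@example.com");

        ClaimUserLookup current = new ClaimUserLookup("name", users);
        ClaimUserLookup desired = new ClaimUserLookup("email", users);

        System.out.println("name:  " + current.resolveUser(claims).orElse("no matching user"));
        System.out.println("email: " + desired.resolveUser(claims).orElse("no matching user"));
    }
}
```

Making the claim name a configuration value rather than a hard-coded string lets one deployment read “email” without changing the behavior for deployments that rely on “name”.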