I am trying to authenticate the user with ADFS as identity provider and Liferay as service provider.
To authenticate, I'm using OpenID Connect as SSO, which already exists in Liferay 7.3.5 CE GA6.
What I did to set up OpenID Connect: I filled in the SSO form that has the authorization, token and userinfo endpoints, jwks_uri, issuer, subject type and scope, with the scope values openid, profile, email.
As for the discovery endpoint, I left it blank. The information I filled in is from ***/.well-known/openid-configuration. And ADFS is also configured to accept OpenID Connect.
The problem I ran into:
ERROR [https-jsse-nio-9595-exec-1][status_jsp:861] Unable to map OpenId Connect user to the portal, missing or invalid profile information: {emailAddresss=null, firstName=null, lastName=null}
WARN [https-jsse-nio-9595-exec-1][code_jsp:173] {code="400", msg="", uri=/c/portal/login/openidconnect} javax.servlet.ServletException: java.lang.IllegalStateException: Cannot call sendRedirect() after the response has been committed
As I understand it, it didn't get valid profile information such as email and name even though I did include profile and email in the scope, and that led to being unable to create the user, and then it cannot redirect to the login state page.
And as I read in the ADFS 2016 FAQ, the profile and scope are no longer supported, which means claims for email and profile cannot be called. There is also an article in the ADFS 2016 FAQ that tells you to customize the ID token in ADFS, which requires implementing code in Visual Studio.
I am looking for a way to fix the above errors, or a new way to implement OpenID Connect in Liferay by coding.
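An added diagnostic for the error above (example code, not from the question, Liferay or ADFS): it decodes an id_token payload without verifying it and reports which of the profile fields Liferay needs (emailAddress, firstName, lastName) the token cannot fill. The sample tokens are constructed, and the fallback from the "email" claim to "upn" is an assumption about what ADFS might issue instead.

```python
import base64
import json

# Liferay profile fields (from the error message on the page) mapped to the
# standard OIDC claims expected to carry them. Falling back from "email" to
# "upn" is an assumption about what ADFS may issue instead.
REQUIRED_FIELDS = {
    "emailAddress": ("email", "upn"),
    "firstName": ("given_name",),
    "lastName": ("family_name",),
}

def decode_jwt_payload(token):
    """Return a compact JWT's payload WITHOUT verifying its signature.
    Only for inspecting which claims the provider issued; a real login
    must verify the signature against jwks_uri before trusting claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def map_profile(claims):
    """Map OIDC claims to Liferay's fields; return (profile, missing_fields)."""
    profile, missing = {}, []
    for field, sources in REQUIRED_FIELDS.items():
        value = next((claims[s] for s in sources if claims.get(s)), None)
        profile[field] = value
        if value is None:
            missing.append(field)
    return profile, missing

def check_token(token):
    """Decode an id_token and report the Liferay fields it cannot fill."""
    return map_profile(decode_jwt_payload(token))

def _jwt(payload):
    """Build a constructed, unsigned demo token (dummy signature segment)."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "RS256", "typ": "JWT"}), seg(payload), "sig"])

# Constructed samples: the first carries only the subject, as the page's error
# suggests ADFS returned; the second carries the profile claims as well.
BARE_TOKEN = _jwt({"iss": "https://adfs.example.test/adfs", "sub": "user-1"})
FULL_TOKEN = _jwt({"iss": "https://adfs.example.test/adfs", "sub": "user-1",
                   "upn": "jdoe@example.test", "given_name": "Jane", "family_name": "Doe"})

if __name__ == "__main__":
    for name, tok in (("bare", BARE_TOKEN), ("full", FULL_TOKEN)):
        profile, missing = check_token(tok)
        print(f"{name}: {profile} missing={missing}")
```

Running it against the id_token ADFS actually returns (or the userinfo JSON, via map_profile) shows whether the claims are absent at the provider, which is what the page's error implies, or merely named differently from what Liferay expects.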