EAP: OIDC app attempting to access the second tenant, the user should be prompted to log

A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...

EAP: OIDC app attempting to access the second tenant, the user should be prompted to log

A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...

Insufficient Verification Of Data Authenticity

org.wildfly.security:wildfly-elytron-http-oidc is vulnerable to Insufficient Verification of Data Authenticity. The vulnerability is due to the session token caching logic when an OIDC app serving multiple tenants accesses a new tenant with a different OIDC configuration. This flaw occurs in...

CVE-2023-6236

A flaw was found in Red Hat Enterprise Application Platform 8. When an OIDC app that serves multiple tenants attempts to access the second tenant, it should prompt the user to log in again since the second tenant is secured with a different OIDC configuration. The underlying issue is in...