Query Regarding Integrating Identity Server with Shiny Proxy and Passing acr_values

vamsi_krishna_ventra · May 14, 2024, 8:34am

Hello Forum Members,

I hope this message finds you well.

I am currently working on integrating Identity Server with Shiny Proxy for authentication purposes. While I have successfully configured the basics, I’m facing a challenge regarding the passing of acr_values.

In the application.yml configuration file of Shiny Proxy, I’ve specified the necessary OpenID Connect endpoints (auth-url, token-url, jwks-url), client ID, and client secret provided by Identity Server. However, I couldn’t find clear documentation on how to pass acr_values in the authentication process.

Could someone please provide guidance or share any insights on how to include acr_values in the OpenID Connect authentication flow with Shiny Proxy? Any examples or documentation references would be greatly appreciated.

Thank you in advance for your assistance.

tdekoninck · May 16, 2024, 6:57am

Hi, thank you for your detailed question. It is currently not possible to specify acr_values, we will have to implement this in ShinyProxy. I created an internal ticket for this and we will probably include it in the next release.

tdekoninck · June 19, 2024, 10:51am

Hi @vamsi_krishna_ventra

When looking into this, I discovered that it should be possible to add the acr_values directly to the auth-url, e.g. for keycloak this would be:

proxy:
   openid:
     auth-url: https://keycloak.local/auth/realms/shinyproxy-config-example/protocol/openid-connect/auth?acr_values=value42

Could you give this a try and report back whether this works in your situation? If so, we will update the documentation.