FHm can you share the error messages you see from ADFS?
I think I remember somtheing like that the sub claim needs to be in the access_token to make it work
I think I remember somtheing like that the sub claim needs to be in the access_token to make it work
Fyeah exactyl, if I remeber correctly ADFS uses the sub in the access token to find the user
Fhm this is weird, because we have customers using ADFS, but I think when using OIDC it is a little tricky to configure 
FLast time I worked with a customer on this we oriented us on https://www.michaelboeynaems.com/keycloak-ADFS-OIDC.html
F(I know its a KC blog :D)
FLet me talk to other customers who have adfs running, maybe i find the advice we need there.
Fnot yet, have not heard of them
FI do not fully understand that.
Why does the issuer not match? Does not zitadel request the token after getting the code?
Why does the issuer not match? Does not zitadel request the token after getting the code?
FOk got it.
And yeah we check the issue stricly since that is a problem for all different kind of things.
To think a little out of the box... you could steer zitadel to you backend "faking" the dns name from the target adfs by setting this in the containers dns section.
This way the issuer error might go away. Otherwise you might want to remove your backend.
I will send you a link for a quick chat about this.
And yeah we check the issue stricly since that is a problem for all different kind of things.
To think a little out of the box... you could steer zitadel to you backend "faking" the dns name from the target adfs by setting this in the containers dns section.
This way the issuer error might go away. Otherwise you might want to remove your backend.
I will send you a link for a quick chat about this.