[oidc] Wrong HTTP method for /userinfo endpoint?

Hello,

We’re trying to integrate Duo SSO with Gatling Enterprise; however, we’re struggling to make it work.

We tried to intercept the communication between Gatling and Duo and noticed this request from Gatling:

POST /<oidc-uri>/userinfo HTTP/1.1
Authorization: Bearer <token>
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Connection: Keep-Alive
Accept-Encoding: gzip
User-Agent: okhttp/4.12.0

It returns HTTP 403:

HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 140
Connection: keep-alive
Server: Duo/1.0

Everything up to the /token call is correct, but /userinfo uses an invalid HTTP method.

According to the documentation, the method should be HTTP GET (which I was able to verify).

While doing some digging, it seems some providers support both methods (GET+POST), but most of them work only with GET.

Is this something that can be configured on the Gatling side, or is it a bug?

Thank you for any comments.

FTR, we use self-hosted Gatling 1.19.2.
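To reproduce the method mismatch offline, here is an added example (not code from the post, Gatling or Duo): a local mock provider whose /userinfo honours only GET with a valid Bearer token and answers POST with 403, plus a small relying-party call that shows the difference. The token, claims and port are constructed; a real provider is expected by OpenID Connect Core 1.0 §5.3 to support both GET and POST, so a 403 on POST is provider-specific behaviour that an RP cannot assume away.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed token and claims for the mock provider (not real Duo values).
VALID_TOKEN = "constructed-access-token"
CLAIMS = {"sub": "user-123", "email": "erik@example.test"}


class MockUserinfo(BaseHTTPRequestHandler):
    """Stand-in for a provider whose /userinfo accepts only GET."""

    def _send(self, status, payload):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.headers.get("Authorization") != f"Bearer {VALID_TOKEN}":
            return self._send(401, {"error": "invalid_token"})
        self._send(200, CLAIMS)

    def do_POST(self):
        # Same path, wrong method: mirrors the 403 seen in the capture above.
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._send(403, {"error": "method_not_allowed"})

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_mock_provider():
    server = ThreadingHTTPServer(("127.0.0.1", 0), MockUserinfo)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def fetch_userinfo(base_url, token, method="GET"):
    """Call /userinfo as a relying party would; return (status, JSON body)."""
    req = urllib.request.Request(f"{base_url}/userinfo", method=method,
                                 data=b"" if method == "POST" else None,
                                 headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)
```

Pointing fetch_userinfo at a real provider's userinfo URL with both methods is a quick way to confirm which one it accepts before raising the issue with the RP vendor.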

Hello Erik,

Email sent for this :wink:

All the best,
Pete
