engine: add scope 'openid' for compatibility with new versions of the keycloak

backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/service/ExternalOIDCService.java

@@ -52,6 +52,7 @@
 
 public class ExternalOIDCService {
 
+    private static final String OPENID_SCOPE = "openid";
     private static Logger log = LoggerFactory.getLogger(ExternalOIDCService.class);
 
     // Reference to the HTTP client used to send the requests to the SSO server:
@@ -125,6 +126,12 @@ private static SsoSession login(SsoContext ssoContext,
         String externalOidcClientSecret = ssoContext.getSsoLocalConfig().getProperty("EXTERNAL_OIDC_CLIENT_SECRET");
         String scope = SsoService.getScopeRequestParameter(request, "");
 
+        // We should request this scope by RFC (https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest)
+        // to have possibility for working with other oidc endpoints.
+        if( ! scope.contains(OPENID_SCOPE)) {
+            scope = scope + " " + OPENID_SCOPE;
+        }
+
         HttpPost post = createPost(externalOidcTokenEndPoint);
         List<BasicNameValuePair> form = new ArrayList<>();
         form.add(new BasicNameValuePair("client_id", externalOidcClientId));