Im having a trouble when using SSO with Google Authentication delegated.
I have two sites A and B
1. Im login in site A via cas server with Google Authentication
2. Im login in site B then error ocured
2019-07-03 00:28:24,630 ERROR
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Authentication has failed. Credentials may be incorrect or CAS cannot find
> authentication handler that supports [ClientCredential(credentials=null,
> clientName=Google, typedIdUsed=true, userProfile=null)] of type
> [ClientCredential]. Examine the configuration to ensure a method of
> authentication is defined and analyze CAS logs at DEBUG level to trace the
> authentication event.>
>
I setup site A service json file like
>
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"clientId":
> "69438529176-ghio8mpe9c10oia1b5qbm1vdbe0sci95.apps.googleusercontent.com",
"clientSecret": "tihWWJ6zKIuvYSgl4Fk36w1g",
"serviceId" : "^http://127.0.0.1:8000/.*";,
"name" : "Rating service",
"id" : 1994,
"allowedToProxy":true,
"enabled":true,
"ssoEnabled":true,
"anonymousAccess":false,
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"usernameAttributeProvider" : {
"@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"attributeReleasePolicy" : {
"@class" :
> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "username", "name",
> "given_name", "family_name", "email", "access_token", "picture"] ],
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : true
},
"accessStrategy" : {
"@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"delegatedAuthenticationPolicy" : {
"@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
"allowedProviders" : [ "java.util.ArrayList", [ "Google" ] ]
},
"enabled" : true,
"ssoEnabled" : true,
"permitUndefined": true,
"exclusive": true
},
"publicKey" : {
"@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
"location" : "classpath:public.key",
"algorithm" : "RSA"
}
}
site B :
> {
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"clientId":
> "69438529176-ghio8mpe9c10oia1b5qbm1vdbe0sci95.apps.googleusercontent.com",
"clientSecret": "tihWWJ6zKIuvYSgl4Fk36w1g",
"serviceId" : "^http://ratingservice.com/.*";,
"name" : "Rating service",
"allowedToProxy":true,
"enabled":true,
"ssoEnabled":true,
"anonymousAccess":false,
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"usernameAttributeProvider" : {
"@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"id" : 100,
"attributeReleasePolicy" : {
"@class" :
> "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "username", "name",
> "given_name", "family_name", "email", "access_token", "picture"] ],
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : true
},
"accessStrategy" : {
"@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"delegatedAuthenticationPolicy" : {
"@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
"allowedProviders" : [ "java.util.ArrayList", [ "Google" ] ]
},
"enabled" : true,
"ssoEnabled" : true,
"permitUndefined": true,
"exclusive": true
},
"publicKey" : {
"@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
"location" : "classpath:public.key",
"algorithm" : "RSA"
}
}
And cas.properties like this :
> cas.server.name: https://cas.topica.asia:8443
cas.server.prefix=${cas.server.name}/cas
> logging.config: file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location:file:etc/cas/services
> cas.sso.proxyAuthnEnabled=true
cas.sso.renewAuthnEnabled=true
> cas.authn.pac4j.name=pac4j
>
> cas.authn.pac4j.google.id=780031468524-kj5cgs4eo0iqif079kdo350q5h7viftg.apps.googleusercontent.com
cas.authn.pac4j.google.secret=fN5dob1bG0CJZHgQk7tJEEi2
cas.authn.pac4j.google.clientName=Google
cas.authn.pac4j.google.autoRedirect=false
cas.authn.pac4j.google.scope=EMAIL_AND_PROFILE
cas.authn.pac4j.typedIdUsed=true
cas.authn.pac4j.principalAttributeId=
> cas.logout.followServiceRedirects=true
> logging.level.org.apereo.cas=DEBUG
> cas.authn.mfa.globalFailureMode=NONE
>
> cas.authn.accept.users=casuser::Mellon
cas.authn.accept.name=Static Credentials
Please help me, i have been stuck on this problem for a month.
Sorry for my bad english :(
--
You received this message because you are subscribed to the Google Groups "CAS
Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-dev/e5d50d30-79be-4242-967b-b2a585eca6df%40apereo.org.
