Good Day
Ive setup Oidc login delegation in CAS to a custom provider. The
authentication via the provider is successfull, and I get redirected back
to CAS, however, then I get the "CAS is unavailable" error with the
following debug in the log:
2016-05-24 10:32:32,450 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction
] - <Warning cookie path is set to null and path /cas/>
2016-05-24 10:32:32,459 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction
] - <TGC cookie path is set to null and path /cas/>
2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.web.support.
DefaultArgumentExtractor] - <No service could be extracted based on the
given request>
2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.web.support.
DefaultArgumentExtractor] - <Extractor did not generate service.>
2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <clientName: OidcClient>
2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <client: <OidcClient> | name: OidcClient |>
2016-05-24 10:32:32,461 DEBUG [org.pac4j.oidc.client.OidcClient] - <
Authentication request url : http://
gen-dev.dhcp.meraka.csir.co.za:8000/authorize?response_type=code&client_id=860728&redirect_uri=http%3A%2F%2Fgen-dev.dhcp.meraka.csir.co.za%3A8080%2Fcas%2Flogin%3Fclient_name%3DOidcClient&scope=openid+profile&state=3nYYf3I7t4Be7eP3ekUWTv7ZthxnRkqtgct1xqg3Z-Y&display=page
>
2016-05-24 10:32:32,461 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <requires http action: {}
<RequiresHttpAction> | code: 302 |
at org.pac4j.core.exception.RequiresHttpAction.redirect(
RequiresHttpAction.java:50)
...
>
2016-05-24 10:32:32,489 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction
] - <Warning cookie path is set to null and path /cas/>
2016-05-24 10:32:32,490 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction
] - <TGC cookie path is set to null and path /cas/>
2016-05-24 10:32:32,490 DEBUG [org.jasig.cas.web.support.
DefaultArgumentExtractor] - <No service could be extracted based on the
given request>
2016-05-24 10:32:32,490 DEBUG [org.jasig.cas.web.support.
DefaultArgumentExtractor] - <Extractor did not generate service.>
2016-05-24 10:32:32,491 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <clientName: OidcClient>
2016-05-24 10:32:32,491 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <client: <OidcClient> | name: OidcClient |>
2016-05-24 10:32:32,491 DEBUG [org.pac4j.oidc.client.OidcClient] - <
Authentication response successful, get authorization code>
2016-05-24 10:32:32,491 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <credentials: org.pac4j.oidc.credentials.
OidcCredentials@514464be>
2016-05-24 10:32:32,492 DEBUG [org.jasig.cas.support.pac4j.web.flow.
ClientAction] - <retrieve service: null>
2016-05-24 10:32:32,492 DEBUG [org.jasig.cas.support.pac4j.authentication.
handler.support.ClientAuthenticationHandler] - <clientCredentials org.jasig
.cas.authentication.principal.ClientCredential@2b33af5f>
2016-05-24 10:32:32,492 DEBUG [org.jasig.cas.support.pac4j.authentication.
handler.support.ClientAuthenticationHandler] - <clientName: OidcClient>
2016-05-24 10:32:32,493 DEBUG [org.jasig.cas.support.pac4j.authentication.
handler.support.ClientAuthenticationHandler] - <client: <OidcClient> | name:
OidcClient |>
2016-05-24 10:32:32,493 DEBUG [org.pac4j.oidc.client.OidcClient] - <credentials
: org.pac4j.oidc.credentials.OidcCredentials@514464be>
2016-05-24 10:32:32,498 DEBUG [org.pac4j.oidc.client.OidcClient] - <Token
response: status=400, content={"error_description": "Client authentication
failed (e.g., unknown client, no client authentication included, or
unsupported authentication method)", "error": "invalid_client"}
>
2016-05-24 10:32:32,499 ERROR [org.pac4j.oidc.client.OidcClient] - <Bad
token response, error=invalid_client>
2016-05-24 10:32:32,499 DEBUG [org.jasig.cas.support.pac4j.authentication.
handler.support.ClientAuthenticationHandler] - <userProfile: null>
2016-05-24 10:32:32,505 INFO [org.jasig.cas.authentication.
PolicyBasedAuthenticationManager] - <ClientAuthenticationHandler failed
authenticating org.jasig.cas.authentication.principal.
ClientCredential@2b33af5f>
2016-05-24 10:32:32,506 DEBUG [org.jasig.cas.authentication.
PolicyBasedAuthenticationManager] - <ClientAuthenticationHandler exception
details: Authentication did not produce a user profile for: org.jasig.cas.
authentication.principal.ClientCredential@2b33af5f>
2016-05-24 10:32:32,507 DEBUG [org.jasig.cas.audit.spi.
TicketOrCredentialPrincipalResolver] - <Resolving argument [
AuthenticationTransaction] for audit>
2016-05-24 10:32:32,507 DEBUG [org.jasig.cas.audit.spi.
TicketOrCredentialPrincipalResolver] - <Resolving argument [ClientCredential
] for audit>
2016-05-24 10:32:32,507 INFO [org.jasig.inspektr.audit.support.
Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: org.jasig.cas.authentication.principal.ClientCredential@2b33af5f
WHAT: Supplied credentials: [org.jasig.cas.authentication.principal.
ClientCredential@2b33af5f]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue May 24 10:32:32 GMT 2016
CLIENT IP ADDRESS: 146.64.28.93
SERVER IP ADDRESS: 172.18.0.2
=============================================================
>
2016-05-24 10:32:32,509 DEBUG [org.jasig.cas.web.
FlowExecutionExceptionResolver] - <Ignoring the received exception due to a
type mismatch
org.springframework.webflow.execution.ActionExecutionException: Exception
thrown executing org.jasig.cas.support.pac4j.web.flow.ClientAction@71a83b32
in state 'clientAction' of flow 'login' -- action execution attributes were
'map[[empty]]'
I've been at this for about 2 weeks with no success, can anyone point me in
the right direction?
CAS version: 4.2.1
Tomcat: 7
Java 8
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b9836a8c-861a-495d-898b-bf1995a819d5%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
