Hi,

You get an error from your OpenID Connect provider when trying to retrieve
the token (https://github.com/pac4j/pac4j/blob/1.8.x/pac4j-oidc/src/main/java/org/pac4j/oidc/client/OidcClient.java#L436)

2016-05-24 10:32:32,498 DEBUG [org.pac4j.oidc.client.OidcClient] - <Token
 response: status=400, content={"error_description": "Client authentication
failed (e.g., unknown client, no client authentication included, or
unsupported authentication method)","error": "invalid_client"}
>
2016-05-24 10:32:32,499 ERROR [org.pac4j.oidc.client.OidcClient] - <Bad token
response, error=invalid_client>

Don't you have anything relevant in the provider-side logs?

Thanks.
Best regards,
Jérôme


2016-05-24 13:10 GMT+02:00 Riaan Stegmann <[email protected]>:

> Good Day
>
> I've set up Oidc login delegation in CAS to a custom provider. The
> authentication via the provider is successful, and I get redirected back
> to CAS, however, then I get the "CAS is unavailable" error with the
> following debug in the log:
>
> 2016-05-24 10:32:32,450 DEBUG [org.jasig.cas.web.flow.
> InitialFlowSetupAction] - <Warning cookie path is set to null and path /
> cas/>
> 2016-05-24 10:32:32,459 DEBUG [org.jasig.cas.web.flow.
> InitialFlowSetupAction] - <TGC cookie path is set to null and path /cas/>
> 2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.web.support.
> DefaultArgumentExtractor] - <No service could be extracted based on the
> given request>
> 2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.web.support.
> DefaultArgumentExtractor] - <Extractor did not generate service.>
> 2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <clientName: OidcClient>
> 2016-05-24 10:32:32,460 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <client: <OidcClient> | name: OidcClient |>
> 2016-05-24 10:32:32,461 DEBUG [org.pac4j.oidc.client.OidcClient] - <
> Authentication request url : http://
> gen-dev.dhcp.meraka.csir.co.za:8000/authorize?response_type=code&client_id=860728&redirect_uri=http%3A%2F%2Fgen-dev.dhcp.meraka.csir.co.za%3A8080%2Fcas%2Flogin%3Fclient_name%3DOidcClient&scope=openid+profile&state=3nYYf3I7t4Be7eP3ekUWTv7ZthxnRkqtgct1xqg3Z-Y&display=page
> >
> 2016-05-24 10:32:32,461 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <requires http action: {}
> <RequiresHttpAction> | code: 302 |
>     at org.pac4j.core.exception.RequiresHttpAction.redirect(
> RequiresHttpAction.java:50)
>     ...
> >
> 2016-05-24 10:32:32,489 DEBUG [org.jasig.cas.web.flow.
> InitialFlowSetupAction] - <Warning cookie path is set to null and path /
> cas/>
> 2016-05-24 10:32:32,490 DEBUG [org.jasig.cas.web.flow.
> InitialFlowSetupAction] - <TGC cookie path is set to null and path /cas/>
> 2016-05-24 10:32:32,490 DEBUG [org.jasig.cas.web.support.
> DefaultArgumentExtractor] - <No service could be extracted based on the
> given request>
> 2016-05-24 10:32:32,490 DEBUG [org.jasig.cas.web.support.
> DefaultArgumentExtractor] - <Extractor did not generate service.>
> 2016-05-24 10:32:32,491 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <clientName: OidcClient>
> 2016-05-24 10:32:32,491 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <client: <OidcClient> | name: OidcClient |>
> 2016-05-24 10:32:32,491 DEBUG [org.pac4j.oidc.client.OidcClient] - <
> Authentication response successful, get authorization code>
> 2016-05-24 10:32:32,491 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <credentials: org.pac4j.oidc.credentials.
> OidcCredentials@514464be>
> 2016-05-24 10:32:32,492 DEBUG [org.jasig.cas.support.pac4j.web.flow.
> ClientAction] - <retrieve service: null>
> 2016-05-24 10:32:32,492 DEBUG [org.jasig.cas.support.pac4j.authentication.
> handler.support.ClientAuthenticationHandler] - <clientCredentials  org.
> jasig.cas.authentication.principal.ClientCredential@2b33af5f>
> 2016-05-24 10:32:32,492 DEBUG [org.jasig.cas.support.pac4j.authentication.
> handler.support.ClientAuthenticationHandler] - <clientName:  OidcClient>
> 2016-05-24 10:32:32,493 DEBUG [org.jasig.cas.support.pac4j.authentication.
> handler.support.ClientAuthenticationHandler] - <client: <OidcClient> |
> name: OidcClient |>
> 2016-05-24 10:32:32,493 DEBUG [org.pac4j.oidc.client.OidcClient] - 
> <credentials
> : org.pac4j.oidc.credentials.OidcCredentials@514464be>
> 2016-05-24 10:32:32,498 DEBUG [org.pac4j.oidc.client.OidcClient] - <Token
> response: status=400, content={"error_description": "Client
> authentication failed (e.g., unknown client, no client authentication
> included, or unsupported authentication method)", "error":
> "invalid_client"}
> >
> 2016-05-24 10:32:32,499 ERROR [org.pac4j.oidc.client.OidcClient] - <Bad
> token response, error=invalid_client>
> 2016-05-24 10:32:32,499 DEBUG [org.jasig.cas.support.pac4j.authentication.
> handler.support.ClientAuthenticationHandler] - <userProfile: null>
> 2016-05-24 10:32:32,505 INFO [org.jasig.cas.authentication.
> PolicyBasedAuthenticationManager] - <ClientAuthenticationHandler failed
> authenticating org.jasig.cas.authentication.principal.
> ClientCredential@2b33af5f>
> 2016-05-24 10:32:32,506 DEBUG [org.jasig.cas.authentication.
> PolicyBasedAuthenticationManager] - <ClientAuthenticationHandler
> exception details: Authentication did not produce a user profile for: org.
> jasig.cas.authentication.principal.ClientCredential@2b33af5f>
> 2016-05-24 10:32:32,507 DEBUG [org.jasig.cas.audit.spi.
> TicketOrCredentialPrincipalResolver] - <Resolving argument [
> AuthenticationTransaction] for audit>
> 2016-05-24 10:32:32,507 DEBUG [org.jasig.cas.audit.spi.
> TicketOrCredentialPrincipalResolver] - <Resolving argument [
> ClientCredential] for audit>
> 2016-05-24 10:32:32,507 INFO [org.jasig.inspektr.audit.support.
> Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: org.jasig.cas.authentication.principal.ClientCredential@2b33af5f
> WHAT: Supplied credentials: [org.jasig.cas.authentication.principal.
> ClientCredential@2b33af5f]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue May 24 10:32:32 GMT 2016
> CLIENT IP ADDRESS: 146.64.28.93
> SERVER IP ADDRESS: 172.18.0.2
> =============================================================
>
> >
> 2016-05-24 10:32:32,509 DEBUG [org.jasig.cas.web.
> FlowExecutionExceptionResolver] - <Ignoring the received exception due to
> a type mismatch
> org.springframework.webflow.execution.ActionExecutionException: Exception
> thrown executing org.jasig.cas.support.pac4j.web.flow.
> ClientAction@71a83b32 in state 'clientAction' of flow 'login' -- action
> execution attributes were 'map[[empty]]'
>
> I've been at this for about 2 weeks with no success, can anyone point me
> in the right direction?
> CAS version: 4.2.1
> Tomcat: 7
> Java 8
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b9836a8c-861a-495d-898b-bf1995a819d5%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b9836a8c-861a-495d-898b-bf1995a819d5%40apereo.org?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
>
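
An added example (not part of the original thread, and not pac4j or CAS code): the provider's error description lists an unsupported authentication method as one possible cause, so this sketch builds the token request with each of the two client-secret methods and checks a chosen method against the provider's advertised `token_endpoint_auth_methods_supported`. The client id and redirect URI are the ones in the logged request; the secret, the code value and the provider metadata are constructed placeholders.

```python
import base64
from urllib.parse import quote_plus, urlencode

# From the logged authentication request in the thread.
CLIENT_ID = "860728"
REDIRECT_URI = "http://gen-dev.dhcp.meraka.csir.co.za:8080/cas/login?client_name=OidcClient"
# Constructed placeholders (assumptions, not values from the thread).
CLIENT_SECRET = "p@ss word"
AUTH_CODE = "PLACEHOLDER_CODE"


def basic_auth_header(client_id, client_secret):
    """client_secret_basic: RFC 6749 section 2.3.1 form-encodes both parts first."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def token_request(method, client_id, client_secret, code, redirect_uri):
    """Return (headers, body) for the authorization-code token request."""
    form = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        headers["Authorization"] = basic_auth_header(client_id, client_secret)
    elif method == "client_secret_post":
        form.update(client_id=client_id, client_secret=client_secret)
    else:
        raise ValueError(f"method not covered by this sketch: {method}")
    return headers, urlencode(form)


def check_auth_method(provider_metadata, client_method):
    """Compare the client's method with what the provider's discovery document lists."""
    # OIDC Discovery: when the field is omitted, the default is client_secret_basic.
    supported = provider_metadata.get("token_endpoint_auth_methods_supported",
                                      ["client_secret_basic"])
    return client_method in supported, supported


if __name__ == "__main__":
    metadata = {"token_endpoint_auth_methods_supported": ["client_secret_post"]}  # constructed
    for method in ("client_secret_basic", "client_secret_post"):
        ok, supported = check_auth_method(metadata, method)
        headers, body = token_request(method, CLIENT_ID, CLIENT_SECRET,
                                      AUTH_CODE, REDIRECT_URI)
        print(method, "advertised" if ok else f"not advertised {supported}")
        print("  credentials in:", "header" if "Authorization" in headers else "body")
```

If the method the client sends is not advertised, or the registered secret differs from the one sent, the provider answers the token request with `invalid_client`, as in the log above.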
