Hi, I'm trying to setup OpenID/OAuth2 on CAS 5.0.x using the war overlay template. I included three dependencies, cas-server-support-oidc, cas-server-support-ldap and cas-server-support-json-service-registry. I built the management webapp using that overlay template and I successfully logged into the management app using the ldap authentication I setup. Now I'm trying to setup a service provider for OpenID/OAuth2 and I keep getting an error page with my test application that says "Application Not Authorized to use CAS" instead of redirecting to the login page. I've used this test client with other servers and it seems to work. I enabled debugging and looking through the code it looks it found my provider I defined but then it fails at OAuth20AuthorizeController.isRequestAuthenticated() returns false. The method isRequestAuthenticated() seems to look for a profile in the session which isn't there. Is there something I'm missing? Below is the portion of the log.
2016-12-12 13:09:40,226 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: fb3s86QV9QKl> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: http://localhost:8080/oauth_client> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: code> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response type: code> 2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered service: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false]> 2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false] vs redirectUri: http://localhost:8080/oauth_client> 2016-12-12 13:09:40,228 ERROR [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize request verification fails> Thanks in advance for any help. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e8e05206-aae0-49ef-949a-85675631b489%40apereo.org.
