The authorization url that is generated is https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl&redirect_uri=http://localhost:8080/oauth_client&response_type=code&scope=openid
On Monday, December 12, 2016 at 4:51:17 PM UTC-5, Todd Pratt wrote: > > Hi, > > I'm trying to setup OpenID/OAuth2 on CAS 5.0.x using the war overlay > template. I included three dependencies, > cas-server-support-oidc, cas-server-support-ldap > and cas-server-support-json-service-registry. I built the management > webapp using that overlay template and I successfully logged into the > management app using the ldap authentication I setup. Now I'm trying to > setup a service provider for OpenID/OAuth2 and I keep getting an error page > with my test application that says "Application Not Authorized to use CAS" > instead of redirecting to the login page. I've used this test client with > other servers and it seems to work. I enabled debugging and looking > through the code it looks it found my provider I defined but then it fails > at OAuth20AuthorizeController.isRequestAuthenticated() returns false. The > method isRequestAuthenticated() seems to look for a profile in the session > which isn't there. Is there something I'm missing? Below is the portion > of the log. > > > 2016-12-12 13:09:40,226 DEBUG > [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: > fb3s86QV9QKl> > 2016-12-12 13:09:40,227 DEBUG > [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: > http://localhost:8080/oauth_client> > 2016-12-12 13:09:40,227 DEBUG > [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: > code> > 2016-12-12 13:09:40,227 DEBUG > [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response > type: code> > 2016-12-12 13:09:40,228 DEBUG > [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered > service: > org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false]> > 2016-12-12 13:09:40,228 DEBUG > [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: > org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false] > > vs redirectUri: http://localhost:8080/oauth_client> > 2016-12-12 13:09:40,228 ERROR > [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize > request verification fails> > > > Thanks in advance for any help. > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org.
