Feel free to submit an issue. Jérôme might have a few ideas. It would also be helpful if you could pack your client into a shape that can be tested and run by someone else. If you do [and you should], reference its location in the issue.
--Misagh

From: [email protected] [mailto:[email protected]] On Behalf Of Todd Pratt
Sent: Tuesday, December 13, 2016 11:21 AM
To: CAS Community <[email protected]>
Subject: [cas-user] Re: Authorize request verification fails with OAuth and CAS 5.0.x

The authorization URL that is generated is https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl&redirect_uri=http://localhost:8080/oauth_client&response_type=code&scope=openid

On Monday, December 12, 2016 at 4:51:17 PM UTC-5, Todd Pratt wrote:

Hi,

I'm trying to set up OpenID/OAuth2 on CAS 5.0.x using the war overlay template. I included three dependencies: cas-server-support-oidc, cas-server-support-ldap and cas-server-support-json-service-registry. I built the management webapp using that overlay template and I successfully logged into the management app using the LDAP authentication I set up.

Now I'm trying to set up a service provider for OpenID/OAuth2 and I keep getting an error page with my test application that says "Application Not Authorized to use CAS" instead of redirecting to the login page. I've used this test client with other servers and it seems to work. I enabled debugging, and looking through the code it looks like it found my provider I defined but then it fails at OAuth20AuthorizeController.isRequestAuthenticated(), which returns false. The method isRequestAuthenticated() seems to look for a profile in the session which isn't there. Is there something I'm missing? Below is the portion of the log.

2016-12-12 13:09:40,226 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: fb3s86QV9QKl>
2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: http://localhost:8080/oauth_client>
2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: code>
2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response type: code>
2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered service: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false]>
2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false] vs redirectUri: http://localhost:8080/oauth_client>
2016-12-12 13:09:40,228 ERROR [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize request verification fails>

Thanks in advance for any help.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org.
