Hi Jérôme,
I've tried several values for serviceId and can't find one that will work I
get the same error each time. I need it to redirect back to
http://localhost:8080/oauth_client. Could you please tell me what I'm
doing wrong with the following
{
"@class" : "org.apereo.cas.services.OidcRegisteredService",
"clientId": "fb3s86QV9QKl",
"clientSecret": "VgWn3ysT24gZo66K",
"serviceId" : "^http://localhost:8080/oauth_client";,
"signIdToken": "false",
"name": "OIDC",
"id": 1000,
"evaluationOrder": 100
}
Thank you,
Todd
On Wednesday, December 14, 2016 at 3:04:12 AM UTC-5, leleuj wrote:
>
> Hi,
>
> Sure. This error happens when you have not properly configured the
> serviceId of the Oidc service, it must match the redirectUri.
>
> See the documentation:
> https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
>
>
> {
> "@class" : "org.apereo.cas.services.OidcRegisteredService",
> "clientId": "client",
> "clientSecret": "secret",
> "serviceId" : "^<https://the-redirect-uri>",
> "signIdToken": true,
> "name": "OIDC",
> "id": 1000,
> "evaluationOrder": 100,
> "jwks": "..."}
>
>
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2016-12-13 21:12 GMT+01:00 Misagh Moayyed <[email protected]
> <javascript:>>:
>
>> Feel free to submit an issue. Jérôme might have a few ideas. It would
>> also be helpful if you could pack your client into a shape that can be
>> tested and run by someone else. If you do [and you should], reference its
>> location in the issue.
>>
>>
>>
>> --Misagh
>>
>>
>>
>> *From:* [email protected] <javascript:> [mailto:[email protected]
>> <javascript:>] *On Behalf Of *Todd Pratt
>> *Sent:* Tuesday, December 13, 2016 11:21 AM
>> *To:* CAS Community <[email protected] <javascript:>>
>> *Subject:* [cas-user] Re: Authorize request verification fails with
>> OAuth and CAS 5.0.x
>>
>>
>>
>> The authorization url that is generated is
>>
>>
>>
>>
>> https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl&redirect_uri=http://localhost:8080/oauth_client&response_type=code&scope=openid
>>
>>
>>
>>
>> On Monday, December 12, 2016 at 4:51:17 PM UTC-5, Todd Pratt wrote:
>>
>> Hi,
>>
>>
>>
>> I'm trying to setup OpenID/OAuth2 on CAS 5.0.x using the war overlay
>> template. I included three dependencies,
>> cas-server-support-oidc, cas-server-support-ldap
>> and cas-server-support-json-service-registry. I built the management
>> webapp using that overlay template and I successfully logged into the
>> management app using the ldap authentication I setup. Now I'm trying to
>> setup a service provider for OpenID/OAuth2 and I keep getting an error page
>> with my test application that says "Application Not Authorized to use CAS"
>> instead of redirecting to the login page. I've used this test client with
>> other servers and it seems to work. I enabled debugging and looking
>> through the code it looks it found my provider I defined but then it fails
>> at OAuth20AuthorizeController.isRequestAuthenticated() returns false. The
>> method isRequestAuthenticated() seems to look for a profile in the session
>> which isn't there. Is there something I'm missing? Below is the portion
>> of the log.
>>
>>
>>
>>
>>
>> 2016-12-12 13:09:40,226 DEBUG
>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id:
>> fb3s86QV9QKl>
>>
>> 2016-12-12 13:09:40,227 DEBUG
>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri:
>> http://localhost:8080/oauth_client>
>>
>> 2016-12-12 13:09:40,227 DEBUG
>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type:
>> code>
>>
>> 2016-12-12 13:09:40,227 DEBUG
>> [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response
>> type: code>
>>
>> 2016-12-12 13:09:40,228 DEBUG
>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered
>> service:
>> org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false
>>
>> <javascript:>]>
>>
>> 2016-12-12 13:09:40,228 DEBUG
>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found:
>> org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false
>>
>> <javascript:>] vs redirectUri: http://localhost:8080/oauth_client>
>>
>> 2016-12-12 13:09:40,228 ERROR
>> [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize
>> request verification fails>
>>
>>
>>
>>
>>
>> Thanks in advance for any help.
>>
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines:
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>> --
>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>> - CAS mailing list guidelines:
>> https://apereo.github.io/cas/Mailing-Lists.html
>> - CAS documentation website: https://apereo.github.io/cas
>> - CAS project website: https://github.com/apereo/cas
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected] <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/026601d2557d%24488f0090%24d9ad01b0%24%40unicon.net
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/026601d2557d%24488f0090%24d9ad01b0%24%40unicon.net?utm_medium=email&utm_source=footer>
>> .
>>
>
>
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/78773adf-f671-4347-8b1e-e36aa8ffe78d%40apereo.org.
