Hi,

I appreciate all the help.  That check succeeds; see the log statements 
below.  It fails on isRequestAuthenticated in OAuth20AuthorizeController:
https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/web/OAuth20AuthorizeController.java#L85
https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/web/OAuth20AuthorizeController.java#L108
  

There isn't a profile in the session or request attributes.  I printed both 
of those out and couldn't find one for Pac4jConstants.USER_PROFILES 
("pac4jUserProfile").


2016-12-15 09:53:52,309 DEBUG 
[org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered 
service: 
org.apereo.cas.services.OidcRegisteredService@126030a4[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7f17e342[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@27dc818c[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@5761f513,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@342a60c3[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=true,jwks=<null>,signIdToken=false]>

2016-12-15 09:53:52,310 DEBUG 
[org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: 
org.apereo.cas.services.OidcRegisteredService@126030a4[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7f17e342[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@27dc818c[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@5761f513,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@342a60c3[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=true,jwks=<null>,signIdToken=false]
 
vs redirectUri: http://localhost:8080/oauth_client>

2016-12-15 09:53:52,313 ERROR 
[org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize 
request verification fails>


On Thursday, December 15, 2016 at 3:27:05 AM UTC-5, leleuj wrote:
>
> Hi,
>
> Here is the check: 
> https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/validator/OAuth20Validator.java#L78
>
> Can you debug it to see what's going on?
>
> Thanks.
> Best regards,
> Jérôme
>
>
> 2016-12-14 17:13 GMT+01:00 Todd Pratt <[email protected]>:
>
>> Hi Jérôme,
>>
>> I've tried several values for serviceId and can't find one that will work; 
>> I get the same error each time.  I need it to redirect back to 
>> http://localhost:8080/oauth_client.  Could you please tell me what I'm 
>> doing wrong with the following?
>>
>> {
>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>   "clientId": "fb3s86QV9QKl",
>>   "clientSecret": "VgWn3ysT24gZo66K",
>>   "serviceId" : "^http://localhost:8080/oauth_client",
>>   "signIdToken": "false",
>>   "name": "OIDC",
>>   "id": 1000,
>>   "evaluationOrder": 100
>> }
>>
>>
>>
>> Thank you,
>> Todd
>>
>>
>> On Wednesday, December 14, 2016 at 3:04:12 AM UTC-5, leleuj wrote:
>>>
>>> Hi,
>>>
>>> Sure. This error happens when you have not properly configured the 
>>> serviceId of the Oidc service; it must match the redirectUri.
>>>
>>> See the documentation: 
>>> https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
>>>
>>>
>>> {
>>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>>   "clientId": "client",
>>>   "clientSecret": "secret",
>>>   "serviceId" : "^<https://the-redirect-uri>",
>>>   "signIdToken": true,
>>>   "name": "OIDC",
>>>   "id": 1000,
>>>   "evaluationOrder": 100,
>>>   "jwks": "..."}
>>>
>>>
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> 2016-12-13 21:12 GMT+01:00 Misagh Moayyed <[email protected]>:
>>>
>>>> Feel free to submit an issue. Jérôme might have a few ideas. It would 
>>>> also be helpful if you could pack your client into a shape that can be 
>>>> tested and run by someone else. If you do [and you should], reference its 
>>>> location in the issue.
>>>>
>>>>  
>>>>
>>>> --Misagh
>>>>
>>>>  
>>>>
>>>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Todd 
>>>> Pratt
>>>> *Sent:* Tuesday, December 13, 2016 11:21 AM
>>>> *To:* CAS Community <[email protected]>
>>>> *Subject:* [cas-user] Re: Authorize request verification fails with 
>>>> OAuth and CAS 5.0.x
>>>>
>>>>  
>>>>
>>>> The authorization url that is generated is 
>>>>
>>>>  
>>>>
>>>>
>>>> https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl&redirect_uri=http://localhost:8080/oauth_client&response_type=code&scope=openid
>>>>
>>>>  
>>>>
>>>>
>>>> On Monday, December 12, 2016 at 4:51:17 PM UTC-5, Todd Pratt wrote:
>>>>
>>>> Hi,
>>>>
>>>>  
>>>>
>>>> I'm trying to set up OpenID/OAuth2 on CAS 5.0.x using the war overlay 
>>>> template.  I included three dependencies, 
>>>> cas-server-support-oidc, cas-server-support-ldap 
>>>> and cas-server-support-json-service-registry.  I built the management 
>>>> webapp using that overlay template and I successfully logged into the 
>>>> management app using the ldap authentication I set up.  Now I'm trying to 
>>>> set up a service provider for OpenID/OAuth2 and I keep getting an error 
>>>> page with my test application that says "Application Not Authorized to 
>>>> use CAS" instead of redirecting to the login page.  I've used this test 
>>>> client with other servers and it seems to work.  I enabled debugging and, 
>>>> looking through the code, it looks like it found the provider I defined, 
>>>> but then it fails when OAuth20AuthorizeController.isRequestAuthenticated() 
>>>> returns false.  The method isRequestAuthenticated() seems to look for a 
>>>> profile in the session which isn't there.  Is there something I'm 
>>>> missing?  Below is the portion of the log.
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>> 2016-12-12 13:09:40,226 DEBUG 
>>>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: 
>>>> fb3s86QV9QKl>
>>>>
>>>> 2016-12-12 13:09:40,227 DEBUG 
>>>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: 
>>>> http://localhost:8080/oauth_client>
>>>>
>>>> 2016-12-12 13:09:40,227 DEBUG 
>>>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: 
>>>> code>
>>>>
>>>> 2016-12-12 13:09:40,227 DEBUG 
>>>> [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response 
>>>> type: code>
>>>>
>>>> 2016-12-12 13:09:40,228 DEBUG 
>>>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check 
>>>> registered 
>>>> service: 
>>>> org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false
>>>> ]>
>>>>
>>>> 2016-12-12 13:09:40,228 DEBUG 
>>>> [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: 
>>>> org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false]
>>>>  
>>>> vs redirectUri: http://localhost:8080/oauth_client>
>>>>
>>>> 2016-12-12 13:09:40,228 ERROR 
>>>> [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize 
>>>> request verification fails>
>>>>
>>>>  
>>>>
>>>>  
>>>>
>>>> Thanks in advance for any help.
>>>>
>>>> -- 
>>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>>> - CAS mailing list guidelines: 
>>>> https://apereo.github.io/cas/Mailing-Lists.html
>>>> - CAS documentation website: https://apereo.github.io/cas
>>>> - CAS project website: https://github.com/apereo/cas
>>>> --- 
>>>> You received this message because you are subscribed to the Google 
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send 
>>>> an email to [email protected].
>>>> To view this discussion on the web visit 
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org
>>>>  
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>>
>
>

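The serviceId versus redirect_uri comparison discussed in this thread, as an added example that is not part of the original messages and is not CAS's own code. It assumes the serviceId is applied as a Java regular expression that must match the entire redirect_uri; the helper callbackMatches, the second serviceId and every redirect_uri other than the one from the thread are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

public class ServiceIdCheck {

    // Hypothetical helper (not the CAS method): the serviceId is compiled as a
    // regex and must match the whole redirect_uri, not just a prefix of it.
    static boolean callbackMatches(String serviceId, String redirectUri) {
        return Pattern.compile(serviceId).matcher(redirectUri).matches();
    }

    public static void main(String[] args) {
        // serviceId values: the first is the one posted in the thread,
        // the second is a constructed, deliberately loose pattern.
        List<String> serviceIds = Arrays.asList(
            "^http://localhost:8080/oauth_client",
            "^http://localhost:8080/.*");

        // redirect_uri values: the first is from the thread, the rest are
        // constructed variants a client might send by mistake.
        List<String> redirectUris = Arrays.asList(
            "http://localhost:8080/oauth_client",
            "http://localhost:8080/oauth_client/",
            "http://localhost:8080/oauth_client?next=x",
            "http://localhost:8081/oauth_client");

        // Print an accept/reject matrix so each pattern's reach is visible.
        for (String serviceId : serviceIds) {
            System.out.println("serviceId = " + serviceId);
            for (String uri : redirectUris) {
                System.out.printf("  %-45s %s%n", uri,
                    callbackMatches(serviceId, uri) ? "accepted" : "rejected");
            }
        }
    }
}
```

With whole-string matching, the posted pattern accepts only the exact URI, so a trailing slash or query string on the client's redirect_uri is rejected, while the `.*` pattern accepts any path on that host and port.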