https://github.com/apereo/cas/issues/2347

Friday, 03 February 2017, 11:14AM +01:00 from kaphaelm [email protected]:
> Hi,
>
> My bad, I didn't provide Authorization header...
> OIDC works fine now with Shiro authentication.
>
> But when I use trusted authentication with OIDC protocol I get an error for the /authorize endpoint.
> The error occurs after the authentication (I have an "AUTHENTICATION_SUCCESS" in the logs)
>
> Here is the stackTrace (full logs are attached)
> 2017-01-11 18:10:50,279 DEBUG [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <Evaluating authentication policy via OidcAuthenticationContextWebflowEventResolver for registered service http://cas.idp.test.fr:8080/cas/oauth2.0/callbackAuthorize.* and service http://cas.idp.test.fr:8080/cas/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=client&redirect_uri=https://the-redirect-uri >
> 2017-01-11 18:10:50,279 DEBUG [org.apereo.cas.web.support.WebUtils] - <No warning cookie generator is defined>
> 2017-01-11 18:10:50,280 WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <null>
> java.lang.NullPointerException
>     at java.net.URI$Parser.parse(URI.java:3042) ~[?:1.8.0_11]
>     at java.net.URI.<init>(URI.java:588) ~[?:1.8.0_11]
>     at org.jasig.cas.client.util.URIBuilder.<init>(URIBuilder.java:83) ~[cas-client-core-3.4.1.jar:3.4.1]
>     at org.apereo.cas.web.flow.OidcAuthenticationContextWebflowEventResolver.resolveInternal(OidcAuthenticationContextWebflowEventResolver.java:41) ~[cas-server-support-oidc-5.0.0.jar:5.0.0]
>     at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:425) ~[cas-server-core-webflow-5.0.0.jar:5.0.0]
>
> If I skip the tests done in OidcAuthenticationContextWebflowEventResolver.java (in debug mode) the authentication process works well.
> With Shiro authentication the context.getFlowExecutionUrl() in OidcAuthenticationContextWebflowEventResolver.java returns an existing URL (/cas/login?service=...)
>
> Is there a configuration to set in order to use OpenId Connect protocol and trusted authentication?
>
> Thanks!
> Regards.
>
> On Monday, 30 January 2017 17:06:52 UTC+1, kaphaelm wrote:
>> Hi,
>>
>> I'm trying to use cas version 5.0.0 as an openid connect server (on localhost and http for the moment).
>> Code generation is ok, but I get the following error when I try to validate the obtained code thanks to the /cas/oidc/access_token endpoint:
>> {"timestamp":1485791198745,"status":401,"error":"Unauthorized","message":"No message available","path":"/cas/oidc/accessToken"}
>>
>> The logs don't say anything about the error:
>> 2017-01-30 16:46:38,726 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <=== SECURITY ===>
>> 2017-01-30 16:46:38,726 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <url: http://cas.idp.test.fr:8080/cas/oidc/accessToken >
>> 2017-01-30 16:46:38,726 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <matchers: null>
>> 2017-01-30 16:46:38,726 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <clients: clientBasicAuth,clientForm,userForm>
>> 2017-01-30 16:46:38,726 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <currentClients: [#DirectBasicAuthClient# | name: clientBasicAuth | credentialsExtractor: null | authenticator: org.apereo.cas.support.oauth.authenticator.OAuthClientAuthenticator@2d309cd1 | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@1be1a488 |, #DirectFormClient# | name: clientForm | usernameParameter: client_id | passwordParameter: client_secret | extractor: null | authenticator: org.apereo.cas.support.oauth.authenticator.OAuthClientAuthenticator@2d309cd1 | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@1be1a488 |, #DirectFormClient# | name: userForm | usernameParameter: username | passwordParameter: password | extractor: null | authenticator: org.apereo.cas.support.oauth.authenticator.OAuthUserAuthenticator@780f6639 | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@1be1a488 |]>
>> 2017-01-30 16:46:38,728 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <loadProfilesFromSession: false>
>> 2017-01-30 16:46:38,728 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <profiles: []>
>> 2017-01-30 16:46:38,728 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <Performing authentication for direct client: #DirectBasicAuthClient# | name: clientBasicAuth | credentialsExtractor: null | authenticator: org.apereo.cas.support.oauth.authenticator.OAuthClientAuthenticator@2d309cd1 | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@1be1a488 |>
>> 2017-01-30 16:46:38,732 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <credentials: null>
>> 2017-01-30 16:46:38,732 DEBUG [org.pac4j.http.client.direct.DirectBasicAuthClient] - <credentials : null>
>> 2017-01-30 16:46:38,732 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <profile: null>
>> 2017-01-30 16:46:38,732 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <Performing authentication for direct client: #DirectFormClient# | name: clientForm | usernameParameter: client_id | passwordParameter: client_secret | extractor: null | authenticator: org.apereo.cas.support.oauth.authenticator.OAuthClientAuthenticator@2d309cd1 | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@1be1a488 |>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <credentials: null>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.http.client.direct.DirectFormClient] - <credentials : null>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <profile: null>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <Performing authentication for direct client: #DirectFormClient# | name: userForm | usernameParameter: username | passwordParameter: password | extractor: org.pac4j.core.credentials.extractor.FormExtractor@62f3a13a | authenticator: org.apereo.cas.support.oauth.authenticator.OAuthUserAuthenticator@780f6639 | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@1be1a488 |>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <credentials: null>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.http.client.direct.DirectFormClient] - <credentials : null>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <profile: null>
>> 2017-01-30 16:46:38,734 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - <unauthorized>
>>
>> Has anybody already encountered this behaviour?
>> I attach my pom.xml and cas.properties, maybe I miss something.
>>
>> Thanks!
>> Regards,
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/136a3b65-bb57-4496-aebc-5c2fae81b42a%40apereo.org.
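
The pac4j DEBUG trace quoted above can be triaged mechanically. The following is an added example, not code from the thread or from the CAS or pac4j projects: it reads one DefaultSecurityLogic pass and reports, per direct client, whether credentials were extracted and where that client looks for them. The names `triage`, `missing_inputs` and `expected_input` are hypothetical, and `SAMPLE_LOG` is a constructed, condensed copy of the quoted entries.

```python
import re

# Constructed sample: one-line entries condensed from the pac4j DEBUG output in the thread.
P = "2017-01-30 16:46:38,726 DEBUG [org.pac4j.core.engine.DefaultSecurityLogic] - "
SAMPLE_LOG = "\n".join(P + m for m in [
    "<url: http://cas.idp.test.fr:8080/cas/oidc/accessToken >",
    "<Performing authentication for direct client: #DirectBasicAuthClient# | name: clientBasicAuth | credentialsExtractor: null |>",
    "<credentials: null>",
    "<Performing authentication for direct client: #DirectFormClient# | name: clientForm | usernameParameter: client_id | passwordParameter: client_secret |>",
    "<credentials: null>",
    "<Performing authentication for direct client: #DirectFormClient# | name: userForm | usernameParameter: username | passwordParameter: password |>",
    "<credentials: null>",
    "<unauthorized>",
])

ENTRY = re.compile(r"^\S+ \S+ \w+\s+\[(?P<logger>[^\]]+)\] - <(?P<msg>.*)>$")
ATTEMPT = "Performing authentication for direct client: "

def expected_input(kind, props):
    """Where the named pac4j direct client looks for credentials in the request."""
    if kind == "DirectBasicAuthClient":
        return "Authorization: Basic header"
    if "usernameParameter" in props:
        return "form parameters %s + %s" % (props["usernameParameter"], props["passwordParameter"])
    return "unknown"

def triage(log_text):
    """Summarise one DefaultSecurityLogic pass: URL, per-client result, outcome."""
    report = {"url": None, "attempts": [], "outcome": None}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or not m["logger"].endswith("DefaultSecurityLogic"):
            continue
        msg = m["msg"].strip()
        if msg.startswith("url: "):
            report["url"] = msg[5:].strip()
        elif msg.startswith(ATTEMPT):
            kind, *rest = [f.strip() for f in msg[len(ATTEMPT):].split("|") if f.strip()]
            props = dict(f.split(": ", 1) for f in rest if ": " in f)
            report["attempts"].append({"client": props.get("name"), "found": False,
                                       "expects": expected_input(kind.strip("#"), props)})
        elif msg.startswith("credentials: ") and report["attempts"]:
            report["attempts"][-1]["found"] = msg[len("credentials: "):] != "null"
        elif msg == "unauthorized":
            report["outcome"] = "unauthorized"
    return report

def missing_inputs(report):
    """If the request was rejected with no credentials extracted, list what each client wanted."""
    if report["outcome"] != "unauthorized" or any(a["found"] for a in report["attempts"]):
        return []
    return [a["expects"] for a in report["attempts"]]
```

On the constructed sample, every client reports `credentials: null`, so `missing_inputs` lists the three places the token request could have carried client or user credentials.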
