Hello, 
I have discovered what happened. There is something when you are using 
OAuth2 Authorization Code and the ticket of CAS. If you have a valid 
access_token but an invalid TGT, this symptom appears and it should 
return an invalid access_token. 

There is another problem using the OAuth2 protocol: when you ask for an 
access_token passing 
*grant_type=authorization_code&client_id=ID&client_secret=SECRET&code=CODE&redirect_uri=CALLBACK* 
and then access the /profile URL passing the access_token received, the ID 
returned is the name of the service, instead of the user id that 
authenticated before. If you send the same parameters without the 
client_secret, it returns another access_token and, doing the same check at 
the /profile URL, it returns the correct user id. I saw that something 
changed in version 5.3-RC, but I haven't checked if it has already been 
corrected.

Thanks
Sorry for bad English

On Thursday, December 21, 2017 at 14:57:24 UTC-2, Diego Henrique 
Pagani wrote:
>
> Hello,
>
> I'm trying to set up my application to log in to CAS 5.2.0 using the OAuth2 
> protocol. When I try to get the access token, the CAS server returns a 500 
> code to my application and I have this stack trace in the log: 
>
>
> 2017-12-21 13:53:27,263 ERROR 
> [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error 
> page from request [/oauth2.0/accessToken] due to exception [ticket cannot be 
> null]>
> java.lang.RuntimeException: ticket cannot be null
>  at 
> org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:120)
>  ~[cas-server-support-oauth-5.2.0.jar:5.2.0]
>  at 
> org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController$$FastClassBySpringCGLIB$$db180f28.invoke(<generated>)
>  ~[cas-server-support-oauth-5.2.0.jar:5.2.0]
>  at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) 
> ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>  at 
> org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
>  ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>  at 
> org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>  ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>  [...]
>
>
>
> I'm using maven War Overlay, registering services using json files, and 
> authenticating by a txt file, just for testing. 
>
> Here is my service json config: 
> {
>  "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>  "serviceId": "^http://.*",
>  "name": "application_name",
>  "id": 1000,
>  "clientId": 123,
>  "clientSecret": 123,
>  "jsonFormat" : false,
>  "bypassApprovalPrompt": true,
>     "generateRefreshToken": false,
>  "attributeReleasePolicy" : {
>         "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>     },
>     
> }  
>
>
>
>
> My application.yml
> server:
>   ssl:
>     enabled: true
>     key-store: ./keystore.jks
>     key-store-password: password
>     key-password: password
>     key-alias: cas
> cas:
>   server:
>     name: http://10.19.10.33:8081
>     prefix: http://10.19.10.33:8081/cas
>   authn:
>     accept:
>       users: null
>     file:
>       filename: classpath:whitelist.txt
>   adminPagesSecurity:
>     ip: 127.0.0.1
>     loginUrl: https://10.19.10.33:8443/cas/login
>     adminRoles: ROLE_ADMIN
>     users: classpath:/adminusers.properties
>   monitor:
>     endpoints:
>       enabled: true
>       sensitive: false
>   serviceRegistry:
>     yaml:
>       location: classpath:/services
>   tgc:
>     path: null
>     maxAge: -1
>     domain: localhost
>     name: TGC
>     secure: false
>     httpOnly: true
>     rememberMeMaxAge: 1209600
>     crypto:
>       encryption:
>         key: <hide>
>       signing:
>         key: <hide>
>       enabled: true
>     monitor:
>       st:
>         warn:
>           threshold: 10
>           evictionThreshold: 0
>       tgt:
>         warn:
>           threshold: 10
>           evictionThreshold: 0
> spring:
>   config:
>     name: cfs-cas
> management:
>   contextPath: /status
>   security:
>     enabled: true
>     roles: ADMIN
>     sessions: IF_REQUIRED
> logging:
>   config: classpath:log4j2.xml
>
> Is there something I'm missing? 
>
>
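
As an added example (not part of the original messages and not CAS project code), this Python check classifies the `id` that /profile returns for each of the two token requests described in the reply at the top of this thread, so a deployer can tell when a token is bound to the service instead of the user. The response shapes, the sample bodies, the user name `testuser` and all function names are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs

# Constructed sample bodies, not captured from a real CAS server.
# Assumed shapes: the token endpoint answers form-encoded text or JSON
# (depending on the service's "jsonFormat"); /profile answers JSON with "id".
SAMPLES = {
    "with_client_secret": {
        "token": "access_token=AT-1-constructed&expires_in=28800",
        "profile": '{"id": "application_name", "attributes": []}',
    },
    "without_client_secret": {
        "token": '{"access_token": "AT-2-constructed", "expires_in": 28800}',
        "profile": '{"id": "testuser", "attributes": []}',
    },
}

def parse_token_response(body):
    """Extract access_token from a JSON or form-encoded token response."""
    body = body.strip()
    if body.startswith("{"):
        token = json.loads(body).get("access_token")
    else:
        token = parse_qs(body).get("access_token", [None])[0]
    if not token:
        raise ValueError("token response carries no access_token")
    return token

def classify_profile(profile_body, expected_user, service_names):
    """Say whose identity the /profile 'id' field actually names."""
    try:
        profile_id = str(json.loads(profile_body)["id"])
    except (ValueError, KeyError, TypeError):
        return "unparseable"
    if profile_id == expected_user:
        return "user"
    # A service name or client id here would map every login to one account.
    return "service" if profile_id in service_names else "unknown"

def audit(samples, expected_user, service_names):
    """Classify each flow; a malformed token response raises ValueError."""
    results = {}
    for flow, resp in samples.items():
        parse_token_response(resp["token"])
        results[flow] = classify_profile(resp["profile"], expected_user, service_names)
    return results

if __name__ == "__main__":
    print(audit(SAMPLES, "testuser", {"application_name", "123"}))
```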
