Hello, I have discovered what happened. There is something when you are using OAuth2 Authorization Code and the ticket of CAS. If you have a valid access_token but an invalid TGT, these symptoms appear and it should return an invalid access_token.

There is another problem using the OAuth2 protocol: When you ask for an access_token passing *grant_type=authorization_code&client_id=ID&client_secret=SECRET&code=CODE&redirect_uri=CALLBACK* and then access the /profile URL passing the access_token received, the ID returned is the name of the service, instead of the user id that authenticated before. If you send the same parameters, without the client_secret, it returns another access_token and, doing the same check at the /profile URL, it returns the correct user id. I saw that something changed in version 5.3-RC, but I haven't checked if it has already been corrected.

Thanks
Sorry for bad English

On Thursday, December 21, 2017 at 14:57:24 UTC-2, Diego Henrique Pagani wrote:
>
> Hello,
>
> I'm trying to set up my application to log in to CAS 5.2.0 using the OAuth2
> protocol. When I try to get the access token, the CAS server returns a 500 code to
> my application and has this stack in the log:
>
> 2017-12-21 13:53:27,263 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/oauth2.0/accessToken] due to exception [ticket cannot be null]>
> java.lang.RuntimeException: ticket cannot be null
>     at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.handleRequest(OAuth20AccessTokenEndpointController.java:120) ~[cas-server-support-oauth-5.2.0.jar:5.2.0]
>     at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController$$FastClassBySpringCGLIB$$db180f28.invoke(<generated>) ~[cas-server-support-oauth-5.2.0.jar:5.2.0]
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) ~[spring-core-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) ~[spring-aop-4.3.12.RELEASE.jar:4.3.12.RELEASE]
>     [...]
>
> I'm using Maven War Overlay, registering services using JSON files, and
> authenticating by a txt file, just for testing.
>
> Here is my service JSON config:
>
> {
>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "serviceId": "^http://.*",
>   "name": "application_name",
>   "id": 1000,
>   "clientId": 123,
>   "clientSecret": 123,
>   "jsonFormat" : false,
>   "bypassApprovalPrompt": true,
>   "generateRefreshToken": false,
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>
> }
>
> My application.yml:
>
> server:
>   ssl:
>     enabled: true
>     key-store: ./keystore.jks
>     key-store-password: password
>     key-password: password
>     key-alias: cas
> cas:
>   server:
>     name: http://10.19.10.33:8081
>     prefix: http://10.19.10.33:8081/cas
>   authn:
>     accept:
>       users: null
>     file:
>       filename: classpath:whitelist.txt
>   adminPagesSecurity:
>     ip: 127.0.0.1
>     loginUrl: https://10.19.10.33:8443/cas/login
>     adminRoles: ROLE_ADMIN
>     users: classpath:/adminusers.properties
>   monitor:
>     endpoints:
>       enabled: true
>       sensitive: false
>   serviceRegistry:
>     yaml:
>       location: classpath:/services
>   tgc:
>     path: null
>     maxAge: -1
>     domain: localhost
>     name: TGC
>     secure: false
>     httpOnly: true
>     rememberMeMaxAge: 1209600
>     crypto:
>       encryption:
>         key: <hide>
>       signing:
>         key: <hide>
>       enabled: true
>   monitor:
>     st:
>       warn:
>         threshold: 10
>         evictionThreshold: 0
>     tgt:
>       warn:
>         threshold: 10
>         evictionThreshold: 0
> spring:
>   config:
>     name: cfs-cas
> management:
>   contextPath: /status
>   security:
>     enabled: true
>     roles: ADMIN
>     sessions: IF_REQUIRED
> logging:
>   config: classpath:log4j2.xml
>
> Is there something I'm missing?