Yes, but I don't remember what the issue was, being more than a year ago.
I am using oauth2.0 endpoints so I'm using /oauth2.0/profile to get the
profile back.  If you are using OIDC it looks like you should be using
cas/oidc/accessToken/ to get a token back first and then a call to
/oidc/profile to get the profile using the token you got back in the
first request.

On Tue, Mar 6, 2018 at 6:36 PM, Ryan Rolland <r...@rolland.biz> wrote:

> Did you figure this out? I am having a very similar failure trying to get
> the profile on a call to cas/oidc/accessToken/ from either request or
> session. I believe it is due to the request being generated from the web
> application's back end and not the browser, i.e. no cookie information.
>
> ProfileManager<U>.retrieveAll(boolean) line: 58
> ProfileManager<U>.get(boolean) line: 35
> OidcAccessTokenEndpointController(OAuth20AccessTokenEndpointController).verifyAccessTokenRequest(HttpServletRequest, HttpServletResponse) line: 207
> OidcAccessTokenEndpointController(OAuth20AccessTokenEndpointController).handleRequest(HttpServletRequest, HttpServletResponse) line: 103
>
>
> On Thursday, December 15, 2016 at 5:16:20 AM UTC-10, Todd Pratt wrote:
>>
>> Hi,
>>
>> I appreciate all the help.  That check succeeds, see the log statements
>> below.  It fails on isRequestAuthenticated in OAuth20AuthorizeController
>> https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/web/OAuth20AuthorizeController.java#L85
>> https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/web/OAuth20AuthorizeController.java#L108
>>
>> There isn't a profile in the session or request attributes.  I printed
>> both of those out and couldn't find one for Pac4jConstants.USER_PROFILES
>> ("pac4jUserProfile")
>>
>>
>> 2016-12-15 09:53:52,309 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered service: org.apereo.cas.services.OidcRegisteredService@126030a4[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7f17e342[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@27dc818c[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@5761f513,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@342a60c3[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=true,jwks=<null>,signIdToken=false]>
>>
>> 2016-12-15 09:53:52,310 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: org.apereo.cas.services.OidcRegisteredService@126030a4[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@7f17e342[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false,allowedAttributes=[]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@27dc818c[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@5761f513,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@342a60c3[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=true,jwks=<null>,signIdToken=false] vs redirectUri: http://localhost:8080/oauth_client>
>>
>> 2016-12-15 09:53:52,313 ERROR [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize request verification fails>
>>
>>
>> On Thursday, December 15, 2016 at 3:27:05 AM UTC-5, leleuj wrote:
>>>
>>> Hi,
>>>
>>> Here is the check: https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/validator/OAuth20Validator.java#L78
>>>
>>> Can you debug it to see what's going on?
>>>
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> 2016-12-14 17:13 GMT+01:00 Todd Pratt <pratt...@gmail.com>:
>>>
>>>> Hi Jérôme,
>>>>
>>>> I've tried several values for serviceId and can't find one that will
>>>> work; I get the same error each time.  I need it to redirect back to
>>>> http://localhost:8080/oauth_client.  Could you please tell me what I'm
>>>> doing wrong with the following?
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>>>   "clientId": "fb3s86QV9QKl",
>>>>   "clientSecret": "VgWn3ysT24gZo66K",
>>>>   "serviceId" : "^http://localhost:8080/oauth_client",
>>>>   "signIdToken": "false",
>>>>   "name": "OIDC",
>>>>   "id": 1000,
>>>>   "evaluationOrder": 100
>>>> }
>>>>
>>>>
>>>>
>>>> Thank you,
>>>> Todd
>>>>
>>>>
>>>> On Wednesday, December 14, 2016 at 3:04:12 AM UTC-5, leleuj wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Sure. This error happens when you have not properly configured the
>>>>> serviceId of the Oidc service, it must match the redirectUri.
>>>>>
>>>>> See the documentation: https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
>>>>>
>>>>>
>>>>> {
>>>>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>>>>   "clientId": "client",
>>>>>   "clientSecret": "secret",
>>>>>   "serviceId" : "^<https://the-redirect-uri>",
>>>>>   "signIdToken": true,
>>>>>   "name": "OIDC",
>>>>>   "id": 1000,
>>>>>   "evaluationOrder": 100,
>>>>>   "jwks": "..."}
>>>>>
>>>>>
>>>>>
>>>>> Thanks.
>>>>> Best regards,
>>>>> Jérôme
>>>>>
>>>>>
>>>>> 2016-12-13 21:12 GMT+01:00 Misagh Moayyed <mmoa...@unicon.net>:
>>>>>
>>>>>> Feel free to submit an issue. Jérôme might have a few ideas. It would
>>>>>> also be helpful if you could pack your client into a shape that can be
>>>>>> tested and run by someone else. If you do [and you should], reference its
>>>>>> location in the issue.
>>>>>>
>>>>>>
>>>>>>
>>>>>> --Misagh
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of
>>>>>> *Todd Pratt
>>>>>> *Sent:* Tuesday, December 13, 2016 11:21 AM
>>>>>> *To:* CAS Community <cas-...@apereo.org>
>>>>>> *Subject:* [cas-user] Re: Authorize request verification fails with
>>>>>> OAuth and CAS 5.0.x
>>>>>>
>>>>>>
>>>>>>
>>>>>> The authorization url that is generated is
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl&redirect_uri=http://localhost:8080/oauth_client&response_type=code&scope=openid
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Monday, December 12, 2016 at 4:51:17 PM UTC-5, Todd Pratt wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm trying to set up OpenID/OAuth2 on CAS 5.0.x using the war overlay
>>>>>> template.  I included three dependencies: cas-server-support-oidc,
>>>>>> cas-server-support-ldap and cas-server-support-json-service-registry.
>>>>>> I built the management webapp using that overlay template and I
>>>>>> successfully logged into the management app using the LDAP
>>>>>> authentication I set up.  Now I'm trying to set up a service provider
>>>>>> for OpenID/OAuth2 and I keep getting an error page with my test
>>>>>> application that says "Application Not Authorized to use CAS" instead
>>>>>> of redirecting to the login page.  I've used this test client with
>>>>>> other servers and it seems to work.  I enabled debugging and, looking
>>>>>> through the code, it looks like it found the provider I defined, but
>>>>>> then it fails when OAuth20AuthorizeController.isRequestAuthenticated()
>>>>>> returns false.  The method isRequestAuthenticated() seems to look for a
>>>>>> profile in the session which isn't there.  Is there something I'm
>>>>>> missing?  Below is the portion of the log.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2016-12-12 13:09:40,226 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: fb3s86QV9QKl>
>>>>>>
>>>>>> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: http://localhost:8080/oauth_client>
>>>>>>
>>>>>> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: code>
>>>>>>
>>>>>> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response type: code>
>>>>>>
>>>>>> 2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered service: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false]>
>>>>>>
>>>>>> 2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false] vs redirectUri: http://localhost:8080/oauth_client>
>>>>>>
>>>>>> 2016-12-12 13:09:40,228 ERROR [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize request verification fails>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks in advance for any help.
>>>>>>
>>>>>> --
>>>>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>>>>> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
>>>>>> - CAS documentation website: https://apereo.github.io/cas
>>>>>> - CAS project website: https://github.com/apereo/cas
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to cas-user+u...@apereo.org.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org.
>>>>>>
>>>>
>>>
>
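
The serviceId-versus-redirect_uri check discussed in this thread, as an added Python example (not CAS code and not part of the original messages). It assumes whole-string regex matching, as Java's `String.matches()` performs; the function names and lint rules are hypothetical, and the sample values are the ones posted above.

```python
import json
import re
from urllib.parse import urlsplit, parse_qs

# Constructed from the service definition and authorize URL posted in the thread.
SERVICES = json.loads('''[{
  "@class": "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "fb3s86QV9QKl",
  "serviceId": "^http://localhost:8080/oauth_client",
  "name": "OIDC", "id": 1000, "evaluationOrder": 100
}]''')
AUTHORIZE_URL = ("https://cas.mydomain.com:8443/cas/oauth2.0/authorize/"
                 "?client_id=fb3s86QV9QKl"
                 "&redirect_uri=http://localhost:8080/oauth_client"
                 "&response_type=code&scope=openid")


def check_authorize_request(url, services):
    """Return (ok, reason) for the client_id / redirect_uri pair in an authorize URL."""
    params = parse_qs(urlsplit(url).query)
    missing = [p for p in ("client_id", "redirect_uri", "response_type") if p not in params]
    if missing:
        return False, "missing parameter(s): " + ", ".join(missing)
    client_id, redirect_uri = params["client_id"][0], params["redirect_uri"][0]
    service = next((s for s in services if s.get("clientId") == client_id), None)
    if service is None:
        return False, "no registered service for client_id"
    # Assumption: the pattern must match the whole redirect_uri (Java String.matches()).
    if re.fullmatch(service["serviceId"], redirect_uri) is None:
        return False, "redirect_uri does not match serviceId"
    return True, "serviceId matches redirect_uri"


def lint_service_id(pattern):
    """Flag serviceId patterns that accept more redirect URIs than intended."""
    findings = []
    if re.search(r"(?<!\\)\.[*+]", pattern):
        findings.append("wildcard (.* or .+) lets arbitrary text through")
    host = re.sub(r"^\^?https?://", "", pattern).split("/")[0]
    if re.search(r"(?<!\\)\.(?![*+?])", host):
        findings.append("unescaped '.' in host matches any character")
    return findings


if __name__ == "__main__":
    print(check_authorize_request(AUTHORIZE_URL, SERVICES))
    print(lint_service_id(SERVICES[0]["serviceId"]))
```

For the values in the thread this check passes, which is consistent with Todd's report that the failure occurs later, in `isRequestAuthenticated()`.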
