Hello,

We successfully configured CAS 5.2.2 to delegate authentication to an external provider through generic OAuth2 properties:
# (Optional) Friendly name for OAuth 2 provider, e.g. "This Organization" or "That Organization"
cas.authn.pac4j.oauth2[0].clientName=Giltza Oauth 2
cas.authn.pac4j.oauth2[0].id=xxx
cas.authn.pac4j.oauth2[0].secret=xxx
cas.authn.pac4j.oauth2[0].authUrl=https://eidasdes.izenpe.com:8082/trustedx-authserver/izenpe/oauth
cas.authn.pac4j.oauth2[0].tokenUrl=https://eidasdes.izenpe.com:8082/trustedx-authserver/izenpe/oauth/token
cas.authn.pac4j.oauth2[0].profileUrl=https://eidasdes.izenpe.com:8082/trustedx-resources/openid/v1/users/me
cas.authn.pac4j.oauth2[0].profileVerb=GET
#cas.authn.pac4j.oauth2[0].profilePath=
cas.authn.pac4j.oauth2[0].customParams.client_id=xxx
cas.authn.pac4j.oauth2[0].customParams.response_type=code
cas.authn.pac4j.oauth2[0].customParams.state=123456
cas.authn.pac4j.oauth2[0].customParams.acr_values=urn:safelayer:tws:policies:authentication:flow:bakq|urn:safelayer:tws:policies:authentication:flow:cert
cas.authn.pac4j.oauth2[0].customParams.scope=urn:izenpe:identity:global
cas.authn.pac4j.oauth2[0].profileAttrs.name=name
cas.authn.pac4j.oauth2[0].profileAttrs.surname1=surname1
cas.authn.pac4j.oauth2[0].profileAttrs.surname2=surname2
...

If we don't do anything else, the following error occurs:

[8/11/18 13:28:57:621 CET] 000000d3 SystemOut O 2018-11-08 13:28:57,611 DEBUG [org.pac4j.oauth.client.GenericOAuth20Client] - <profile: #OAuth20Profile# | *id: null* | attributes: {sub=978fa4ff4ea06ca1d39f35eb728b5a7e, cif=Q3890349H, country=ES, birthdate=EMPTY, key_usage=EMPTY, subject=SERIALNUMBER=99999988J, OID.2.5.4.4=#0C08464943544943494F, OID.2.5.4.42=#0C07434F5250524543, CN=CORPREC FICTICIO ACTIVO, OID.2.5.4.46=#131D2D646E692039393939393938384A202D63696620513338393033343948, OU=Condiciones de uso en www.izenpe.com nola erabili jakiteko, OU=Ziurtagiri korporatibo onartua - Cert. corporativo reconocido, O=IZENPE, C=ES, not_before=2017-03-16T12:15:29Z, tsl=S, issuer=CN=CA personal de AAPP vascas (2) - DESARROLLO, OU=AZZ Ziurtagiri publikoa - Certificado publico SCA, O=IZENPE S.A., C=ES, acr=urn:safelayer:tws:policies:authentication:flow:cert, surname1=FICTICIO, surname2=ACTIVO, email=EMPTY, dni=99999988J, tipoAfirma=0, firmaCualificada=S, naturalPersonSemanticsIdentifier=IDCES-99999988J, legalPersonSemanticsIdentifier=VATES-Q3890349H, serial_number=C6o=, given_name=CORPREC, pais=ES, not_after=2021-03-16T12:15:29Z, access_token=fc6ccaad705c4363cce28d89b7a3fd45897400c6134afd3c18d2d7a8bc8261a2, register_type=1, policy_identifier=1.3.6.1.4.1.14777.104.2, person_status=PF, domain=izenpe, organization=EMPTY, name=CORPREC FICTICIO ACTIVO, family_name=FICTICIO ACTIVO} | roles: [] | permissions: [] | isRemembered: false | clientName: null | linkedId: null |>

[8/11/18 13:28:57:621 CET] 000000d3 SystemOut O 2018-11-08 13:28:57,611 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [org.apereo.cas.authentication.principal.ClientCredential@2cf6f06a[id=<null>]] of type [ClientCredential].>

[8/11/18 13:28:57:621 CET] 000000d3 SystemOut O 2018-11-08 13:28:57,616 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: null
WHAT: Supplied credentials: [org.apereo.cas.authentication.principal.ClientCredential@2cf6f06a[id=<null>]]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Nov 08 13:28:57 CET 2018
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

[8/11/18 13:28:57:629 CET] 000000d3 SystemOut O 2018-11-08 13:28:57,628 ERROR [com.ibm.ws.webcontainer.servlet.ServletWrapper] - <SRVE0014E: Uncaught service() exception root cause dispatcherServlet: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction@f990386 in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'

In order to solve the problem we modified the class GenericOAuth20ProfileDefinition.java of pac4j-oauth-2.3.1.jar. We just set an id for the profile.
    @Override
    public OAuth20Profile extractUserProfile(String body) throws HttpAction {
        final OAuth20Profile profile = new OAuth20Profile();
        final JsonNode json = JsonHelper.getFirstNode(body, getFirstNodePath());
        if (json != null) {
            // the one line we added: use the "name" attribute as the profile id
            profile.setId(JsonHelper.getElement(json, "name"));
            for (final String attribute : getPrimaryAttributes()) {
                convertAndAdd(profile, attribute, JsonHelper.getElement(json, attribute));
            }
            for (final String attribute : getSecondaryAttributes()) {
                convertAndAdd(profile, attribute, JsonHelper.getElement(json, attribute));
            }
            for (final Map.Entry<String, String> entry : getProfileAttributes().entrySet()) {
                final String key = entry.getKey();
                final String value = entry.getValue();
                convertAndAdd(profile, key, JsonHelper.getElement(json, value));
            }
        }
        return profile;
    }

We think this is very ugly. Is there any other way to solve this problem without modifying pac4j source code?

Thank you so much!

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/04383633-87ab-46ec-abda-70daee84928c%40apereo.org.
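The patch above hard-codes "name" (a display name, which is neither unique nor stable) as the profile id and still returns a profile with a null id if that attribute is missing, which is exactly what produced the ClientCredential[id=<null>] failure in the log. The following is an added example, not code from the original post, from CAS or from pac4j: a subclass of GenericOAuth20ProfileDefinition that reuses the stock parsing, then selects the id from a preference list of stable claims (the log shows sub and dni are available) and fails closed when none is usable. It assumes the pac4j 2.3.x package names and method signatures visible in the posted snippet (extractUserProfile, HttpAction, OAuth20Profile.getAttribute/setId); the class name, the "EMPTY" placeholder handling (taken from values such as birthdate=EMPTY in the log) and the attribute list are illustrative choices.

```java
// Added example (not from the original post, CAS or pac4j). Assumes pac4j 2.3.x:
// org.pac4j.oauth.profile.generic.GenericOAuth20ProfileDefinition and
// org.pac4j.oauth.profile.OAuth20Profile as referenced in the post.
import java.util.Arrays;
import java.util.List;

import org.pac4j.core.exception.HttpAction;
import org.pac4j.core.exception.TechnicalException;
import org.pac4j.oauth.profile.OAuth20Profile;
import org.pac4j.oauth.profile.generic.GenericOAuth20ProfileDefinition;

/**
 * Profile definition that derives the profile id from a stable claim instead of
 * patching pac4j-oauth. Hypothetical class name; the id attribute list is supplied
 * by the caller, most preferred first, e.g. ("sub", "dni").
 */
public class StableIdOAuth20ProfileDefinition extends GenericOAuth20ProfileDefinition {

    /** Placeholder the provider in the post returns for absent values (e.g. birthdate=EMPTY). */
    private static final String EMPTY_MARKER = "EMPTY";

    private final List<String> idAttributes;

    public StableIdOAuth20ProfileDefinition(final String... idAttributes) {
        this.idAttributes = Arrays.asList(idAttributes);
    }

    @Override
    public OAuth20Profile extractUserProfile(final String body) throws HttpAction {
        // Let the stock definition parse the JSON body and populate the attributes
        // (primary, secondary and the configured profileAttrs mappings).
        final OAuth20Profile profile = super.extractUserProfile(body);

        // First usable candidate wins: "sub" is the provider's opaque subject
        // identifier, "dni" the national id; both are stable, unlike a display name.
        for (final String attribute : idAttributes) {
            final Object value = profile.getAttribute(attribute);
            if (isUsable(value)) {
                profile.setId(value);
                return profile;
            }
        }

        // Fail closed: a profile without an id must never reach the authentication
        // manager, which is what produced ClientCredential[id=<null>] in the log.
        throw new TechnicalException("OAuth2 profile carries none of the id attributes " + idAttributes);
    }

    /** Rejects null, blank and the provider's literal "EMPTY" placeholder. */
    static boolean isUsable(final Object value) {
        if (value == null) {
            return false;
        }
        final String text = value.toString().trim();
        return !text.isEmpty() && !EMPTY_MARKER.equals(text);
    }
}
```

A practitioner would instantiate it as new StableIdOAuth20ProfileDefinition("sub", "dni") and register it on the generic OAuth2 client's configuration in place of the default definition; how that registration is done from CAS 5.2.2 is not shown by the post and depends on the CAS/pac4j wiring in use, so it is left out here. Two caveats from the posted material, independent of this class: the DEBUG profile dump writes the user's access_token into the application log, and customParams.state=123456 sends a constant state value, which gives none of the CSRF protection the state parameter exists for.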