The logs following for OIDC flow: 2019-02-08 11:46:26,662 DEBUG [org.apereo.cas.web.flow.actions.RedirectToServiceAction] - <Located service response builder [org.apereo.cas.authentication.principal.WebApplicationServiceResponseBuilder@2a31b369] for [AbstractWebApplicationService(id=https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient, originalUrl=https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient, artifactId=null, principal=userPseudo, source=service, loggedOutAlready=false, format=XML, attributes={})]>
2019-02-08 11:46:26,702 DEBUG [org.apereo.cas.web.flow.actions.RedirectToServiceAction] - <Built response [org.apereo.cas.authentication.principal.DefaultResponse@36e645e1] for [AbstractWebApplicationService(id=https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient, originalUrl=https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient, artifactId=null, principal=userPseudo, source=service, loggedOutAlready=false, format=XML, attributes={})]> 2019-02-08 11:46:26,703 DEBUG [org.apereo.cas.web.flow.actions.RedirectToServiceAction] - <Signaling flow to redirect to service [AbstractWebApplicationService(id=https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient, originalUrl=https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient, artifactId=null, principal=userPseudo, source=service, loggedOutAlready=false, format=XML, attributes={})] via event [redirect]> 2019-02-08 11:46:27,055 DEBUG [org.jasig.cas.client.validation.Cas30ServiceTicketValidator] - <Placing URL parameters in map.> 2019-02-08 11:46:27,055 DEBUG [org.jasig.cas.client.validation.Cas30ServiceTicketValidator] - <Calling template URL attribute map.> 2019-02-08 11:46:27,055 DEBUG [org.jasig.cas.client.validation.Cas30ServiceTicketValidator] - <Loading custom parameters from configuration.> 2019-02-08 11:46:27,056 DEBUG [org.jasig.cas.client.validation.Cas30ServiceTicketValidator] - <Constructing validation url: https://idp-oidc.fr/p3/serviceValidate?ticket=ST-1-***idp-oidc.fr&service=https%3A%2F%2Fidp-oidc.fr%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3Dservice.clientId%26redirect_uri%3Dservice.redirect_uri%26response_type%3Dcode%26client_name%3DCasOAuthClient > 2019-02-08 11:46:27,056 DEBUG [org.jasig.cas.client.validation.Cas30ServiceTicketValidator] - <Retrieving response from server.> 2019-02-08 11:46:27,227 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: [result=Service Access Granted,service=service.redirect_uri,principal=SimplePrincipal(id=userPseudo, attributes={}),requiredAttributes={}] ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED APPLICATION: CAS WHEN: Fri Feb 08 11:46:27 CET 2019 CLIENT IP ADDRESS: ip SERVER IP ADDRESS: ip ============================================================= 2019-02-08 11:46:27,241 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: userPseudo WHAT: ST-****idp-oidc.fr ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Fri Feb 08 11:46:27 CET 2019 CLIENT IP ADDRESS: ip SERVER IP ADDRESS: ip ============================================================= > 2019-02-08 11:46:27,246 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - <Locating the primary authentication associated with this service request [AbstractWebApplicationService(id=service.redirect_uri, originalUrl=service.redirect_uri, artifactId=ST-1-*****idp-oidc.fr, principal=null, source=service, loggedOutAlready=false, format=XML, attributes={})]> 2019-02-08 11:46:27,246 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - <No particular authentication context is required for this request> 2019-02-08 11:46:27,246 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - <No service credentials specified, and/or the proxy handler [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler@3bf721e5] cannot handle credentials> 2019-02-08 11:46:27,246 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - <Successfully validated service ticket [ST-1-****idp-oidc.fr] for service [ https://idp-oidc.fr/oauth2.0/callbackAuthorize?client_id=service.clientId&redirect_uri=service.redirect_uri&response_type=code&client_name=CasOAuthClient ]> 2019-02-08 11:46:27,254 DEBUG [org.apereo.cas.web.view.Cas20ResponseView] - <Prepared CAS response output model with attribute names [[assertion, service, org.springframework.validation.BindingResult.assertion, org.springframework.validation.BindingResult.service, principal, chainedAuthentications, primaryAuthentication, attributes]]> 2019-02-08 11:46:27,255 DEBUG [org.apereo.cas.web.view.Cas30ResponseView] - <Processed principal attributes from the output model to be [[]]> 2019-02-08 11:46:27,255 DEBUG [org.apereo.cas.web.view.Cas30ResponseView] - <CAS is configured to release protocol-level attributes. Processing...> 2019-02-08 11:46:27,255 DEBUG [org.apereo.cas.web.view.Cas30ResponseView] - <Processed protocol/authentication attributes from the output model to be [[samlAuthenticationStatementAuthMethod, credentialType, isFromNewLogin, authenticationDate, authenticationMethod, successfulAuthenticationHandlers, longTermAuthenticationRequestTokenUsed]]> 2019-02-08 11:46:27,256 DEBUG [org.apereo.cas.web.view.Cas30ResponseView] - <Final collection of attributes for the response are [[samlAuthenticationStatementAuthMethod, credentialType, isFromNewLogin, authenticationDate, authenticationMethod, successfulAuthenticationHandlers, longTermAuthenticationRequestTokenUsed]].> 2019-02-08 11:46:27,256 DEBUG [org.apereo.cas.web.view.Cas30ResponseView] - <Beginning to encode attributes for the response> 2019-02-08 11:46:27,256 DEBUG [org.apereo.cas.web.view.Cas30ResponseView] - <Encoded attributes for the response are [{samlAuthenticationStatementAuthMethod=[urn:oasis:names:tc:SAML:1.0:am:password], credentialType=[UsernamePasswordCredential], isFromNewLogin=[true], authenticationDate=[2019-02-08T11:46:26.544+01:00[Europe/Paris]], authenticationMethod=[AcceptUsersAuthenticationHandler], successfulAuthenticationHandlers=[AcceptUsersAuthenticationHandler], longTermAuthenticationRequestTokenUsed=[false]}]> 2019-02-08 11:46:27,256 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Beginning to format/render attributes for the response> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:samlAuthenticationStatementAuthMethod>urn:oasis:names:tc:SAML:1.0:am:password</cas:samlAuthenticationStatementAuthMethod>]> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:credentialType>UsernamePasswordCredential</cas:credentialType>]> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:isFromNewLogin>true</cas:isFromNewLogin>]> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:authenticationDate>2019-02-08T11:46:26.544+01:00[Europe/Paris]</cas:authenticationDate>]> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:authenticationMethod>AcceptUsersAuthenticationHandler</cas:authenticationMethod>]> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:successfulAuthenticationHandlers>AcceptUsersAuthenticationHandler</cas:successfulAuthenticationHandlers>]> 2019-02-08 11:46:27,286 DEBUG [org.apereo.cas.web.view.attributes.DefaultCas30ProtocolAttributesRenderer] - <Formatted attribute for the response: [<cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>]> 2019-02-08 11:46:27,310 DEBUG [org.jasig.cas.client.validation.Cas30ServiceTicketValidator] - <Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>userPseudo</cas:user> <cas:attributes> allUserAttributesAllowed </cas:attributes> </cas:authenticationSuccess> </cas:serviceResponse> > 2019-02-08 11:46:27,391 WARN [org.apereo.cas.oidc.web.controllers.OidcAuthorizeEndpointController] - <Provided scopes [[]] are undefined by OpenID Connect, which requires that scope [openid] MUST be specified, or the behavior is unspecified. CAS MAY allow this request to be processed for now.> 2019-02-08 11:46:27,394 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: [result=Service Access Granted,service=^service.redirect_uri,requiredAttributes={}] ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED APPLICATION: CAS WHEN: Fri Feb 08 11:46:27 CET 2019 CLIENT IP ADDRESS: ip SERVER IP ADDRESS: ip ============================================================= > > 2019-02-08 11:46:27,394 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: [result=Service Access Granted,service=^service.redirect_uri,requiredAttributes={}] ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED APPLICATION: CAS WHEN: Fri Feb 08 11:46:27 CET 2019 CLIENT IP ADDRESS: ip SERVER IP ADDRESS: ip ============================================================= -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/30f7078d-d0c4-4ddb-ac6e-b2ee0e5b742c%40apereo.org.
