@mmoayyed <https://github.com/mmoayyed> @plajko <https://github.com/plajko>
https://github.com/apereo/cas/commit/39c112c80c0021c012978dbdad095a1539605964 https://github.com/apereo/cas/pull/3193 This commit apparently broke the OIDC accesstoken API for stateless REST based authentication. http://localhost:8080/cas/oidc/accessToken?grant_type=password&client_id=demoOIDC&username=casuser&password=Mellon <http://localhost:50178/qas/oidc/accessToken?grant_type=password&client_id=demoOIDC&username=casuser&password=Mellon> { "access_token": "AT-1-lRVr5VLQOKabdhaWiLyLyhO0afHP3kBY", "token_type": "bearer", "expires_in": 28800, "refresh_token": "RT-1-llRC4qJb0UWpmXOIiYnuTemhFdNO2wfP" } The response is missing ID_TOKEN. Server has below error 2019-04-08 12:44:36,024 ERROR [org.apache.catalina.core.ContainerBase.[Tomcat].[localhost].[/qas].[dispatcherServlet]] - <Servlet.service() for servlet [dispatcherServlet] in context with path [/qas] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot find service ticket issued to https://cas.example.org:8443/cas/oauth2.0/callbackAuthorize.* as p art of the authentication context] with root cause> java.lang.IllegalStateException: Cannot find service ticket issued to https://cas.example.org:8443/cas/oauth2.0/callbackAuthorize.* as part of the authentication context at com.google.common.base.Preconditions.checkState(Preconditions.java:504) ~[guava-25.0-jre.jar!/:?] at org.apereo.cas.oidc.token.OidcIdTokenGeneratorService.getOAuthServiceTicket(OidcIdTokenGeneratorService.java:178) ~[cas-server-support-oidc-5.3.9.jar!/:5.3.9] Apparently it is being assumed that there would always be a service ticket or proxy ticket. Though I agree it is a reasonable ask to support single logout, I believe we should not fail this if only accesstoken i.e. TGT is generated for given call with no service ticket / proxy ticket called against it. Any clue or work around for this issue? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7d3c48f2-494c-46cd-8795-7d80d53b3fc9%40apereo.org.
