Hi Christian, Can you indicate the exact version number (RC) and the commit id that you're using in 6.1?
--Misagh > From: "Christian Schmidt" <[email protected]> > To: "CAS Community" <[email protected]> > Sent: Wednesday, May 22, 2019 8:11:55 AM > Subject: [cas-user] CAS 6.x - Bypass Approval Prompt > Hi, > I'm currently working on CAS in version 6.1. > I have enabled OIDC and created a service which is working. > The problem I'm having is, that on every login the User gets redirected to an > approval/consent screen where he has to allow the service the access. > Accoring to the documentation, a OidcRegisteredService extends the > OAuthRegisteredService and the available configuration parameters for the > OAuth > Service also apply to the OIDC service. > Therefore, I used the parameter "bypassApprovalPrompt" : true > Unfortuantly this didn't work at all. > On further investigation I found the configuration class > org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy where I > set the key "enabled" to false - this also didn't work. > According to the log, CAS is bypassing the screen: > 2019-05-17 16:38:54,041 TRACE > [org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver] - > <Bypassing approval prompt for service > [OidcRegisteredService(super=OAuthRegisteredService(super=AbstractRegisteredService(serviceId=^http://(onlineservice2|ncvosproxy2-.+)\.company\.de(:[0-9]+)?(/.*)?, > name=Onlineservice, theme=null, informationUrl=null, privacyUrl=null, > responseType=null, id=2010, > expirationPolicy=DefaultRegisteredServiceExpirationPolicy(deleteWhenExpired=false, > notifyWhenDeleted=false, expirationDate=null), > proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@1, > proxyTicketExpirationPolicy=null, serviceTicketExpirationPolicy=null, > singleSignOnParticipationPolicy=null, evaluationOrder=0, > usernameAttributeProvider=org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider@87297e2, > logoutType=BACK_CHANNEL, requiredHandlers=[], environments=[], > attributeReleasePolicy=ReturnAllAttributeReleasePolicy(super=AbstractRegisteredServiceAttributeReleasePolicy(attributeFilter=null, > principalAttributesRepository=DefaultPrincipalAttributesRepository(), > consentPolicy=DefaultRegisteredServiceConsentPolicy(enabled=false, > excludedAttributes=null, includeOnlyAttributes=null), > authorizedToReleaseCredentialPassword=false, > authorizedToReleaseProxyGrantingTicket=false, excludeDefaultAttributes=false, > authorizedToReleaseAuthenticationAttributes=true, principalIdAttribute=null, > order=0)), > multifactorPolicy=DefaultRegisteredServiceMultifactorPolicy(multifactorAuthenticationProviders=[], > failureMode=UNDEFINED, principalAttributeNameTrigger=null, > principalAttributeValueToMatch=null, bypassEnabled=false), > logo=./images/onlineservice.svg, logoutUrl=null, > accessStrategy=DefaultRegisteredServiceAccessStrategy(order=0, enabled=true, > ssoEnabled=true, unauthorizedRedirectUrl=null, > delegatedAuthenticationPolicy=DefaultRegisteredServiceDelegatedAuthenticationPolicy(allowedProviders=[], > permitUndefined=true), requireAllAttributes=true, requiredAttributes={}, > rejectedAttributes={}, caseInsensitive=false), publicKey=null, properties={}, > contacts=[]), clientSecret=xxxxxxxxxxxxxx, clientId=onlineservice, > bypassApprovalPrompt=true, generateRefreshToken=false, jwtAccessToken=false, > supportedGrantTypes=[], supportedResponseTypes=[]), jwks=null, > jwksAuthenticationMethod=client_secret_basic, signIdToken=true, > encryptIdToken=true, idTokenEncryptionAlg=null, idTokenSigningAlg=null, > idTokenEncryptionEncoding=null, sectorIdentifierUri=null, applicationType=web, > subjectType=public, dynamicallyRegistered=false, implicit=false, > dynamicRegistrationDateTime=null, scopes=[])]: [null]> > 2019-05-17 16:38:54,042 TRACE > [org.apereo.cas.support.oauth.web.views.OAuth20ConsentApprovalViewResolver] - > <callbackUrl: > [https://sso2.company.de:8443/cas/oidc/authorize?response_type=code&scope=openid&client_id=onlineservice&state=Ev9kuSd-M6eB7inyzc8MimIBP9Q&redirect_uri=http%3A%2F%2Fonlineservice2.company.de%2Fsecure%2Fredirect_uri&nonce=H_n_BDMb3scnes75g-qra5pzKvUL-O1zYs_HlnoM8T8]> > May someone please give me a hint? > Best regards, > Christian > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups "CAS > Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email > to [email protected] . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/a94d635b-4993-4bbf-a8dc-6c0ad534816f%40apereo.org > . -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/193172976.509393.1558640151700.JavaMail.zimbra%40unicon.net.
