We use version 5.2.9 of CAS, and we have a problem every day when users try to authenticate. They get "Unautorized access" and in the log we get a CSRF error:
State parameter is different from the one sent in authentication request. Session expired or possible threat of cross-site request forgery

The problem appears only the first time every day. Any idea why?

On Friday, 29 March 2019 at 21:59:24 UTC+1, user richard.frovarp wrote:
>
> Need to add CAS 5.3.9. I have Google and Twitter working through
> delegated auth. So I have that much working.
>
> On 3/29/19 3:57 PM, Richard Frovarp wrote:
> > Does anyone have an example config or documentation on how to delegate
> > to Azure AD? This is operating at the very edge of my understanding, and
> > I'm having some difficulty. Not entirely sure what configs are required,
> > or exactly what to set in Azure.
> >
> > Right now I have:
> >
> > cas.authn.pac4j.oidc[0].type=AZURE
> > cas.authn.pac4j.oidc[0].id=<client id>
> > cas.authn.pac4j.oidc[0].secret=<client-secret>
> > cas.authn.pac4j.oidc[0].clientName=AZURE
> > cas.authn.pac4j.oidc[0].discoveryUri=https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
> > cas.authn.pac4j.oidc[0].scope=openid email profile phone
> > cas.authn.pac4j.oidc[0].azureTenantId=<directory-id>
> >
> > No idea if those scopes are right.
> >
> > Getting:
> >
> > 2019-03-29 15:53:33,486 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/clientredirect] due to exception [java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String]>
> > org.pac4j.core.exception.TechnicalException: java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String
> >     at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.buildAuthenticationRequestUrl(OidcRedirectActionBuilder.java:113) ~[pac4j-oidc-3.6.1.jar:?]
> >     at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.redirect(OidcRedirectActionBuilder.java:78) ~[pac4j-oidc-3.6.1.jar:?]
> >     at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:109) ~[pac4j-core-3.6.1.jar:?]
> >
> > Caused by: java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String
> >     at com.nimbusds.oauth2.sdk.AuthorizationRequest.parse(AuthorizationRequest.java:972) ~[oauth2-oidc-sdk-5.62.jar:5.62]
> >     at com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(AuthenticationRequest.java:1374) ~[oauth2-oidc-sdk-5.62.jar:5.62]
> >     at com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(AuthenticationRequest.java:1340) ~[oauth2-oidc-sdk-5.62.jar:5.62]
> >     at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.buildAuthenticationRequestUrl(OidcRedirectActionBuilder.java:110) ~[pac4j-oidc-3.6.1.jar:?]
> >     ... 98 more
> >
> > Any suggestions would be helpful, because I'm having difficulty pulling
> > off the right search to find the right set of documentation at MS.
> >
> > Thanks,
> >
> > Richard
