When the user opens CAS, the state parameter is set on the session, but when the user comes back from Azure/OpenID the state parameter exists on the request but on the session it is null.

On Monday, 3 June 2019 22:39:23 UTC+2, Łukasz Woźniak wrote:
>
> The problem is on the connection CAS <> Azure/OpenId. The state parameter for CSRF is sometimes null when the request comes from Azure to CAS. I checked and the state is set on the session.
>
> On Monday, 3 June 2019 18:06:00 UTC+2, rbon wrote:
>>
>> Łukasz, this sounds like the client application is sending the user to CAS with one URL in the service parameter and a different URL when validating the service ticket. There should be log messages describing why the 'State parameter ...' is output. You may have to turn up the log level. Ray
>>
>> On Mon, 2019-06-03 at 01:42 -0700, Łukasz Woźniak wrote:
>>
>> We use version 5.2.9 of CAS. And we have a problem every day when users try to authenticate. They get "Unautorized access" and in the log we get a CSRF error:
>>
>> State parameter is different from the one sent in authentication request. Session expired or possible threat of cross-site request forgery
>>
>> The problem appears only the first time every day. Any idea why?
>>
>> On Friday, 29 March 2019 21:59:24 UTC+1, richard.frovarp wrote:
>>
>> Need to add CAS 5.3.9. I have Google and Twitter working through delegated auth. So I have that much working.
>>
>> On 3/29/19 3:57 PM, Richard Frovarp wrote:
>> > Does anyone have an example config or documentation on how to delegate to Azure AD? This is operating at the very edge of my understanding, and I'm having some difficulty. Not entirely sure what configs are required, or exactly what to set in Azure.
>> >
>> > Right now I have:
>> >
>> > cas.authn.pac4j.oidc[0].type=AZURE
>> > cas.authn.pac4j.oidc[0].id=<client id>
>> > cas.authn.pac4j.oidc[0].secret=<client-secret>
>> > cas.authn.pac4j.oidc[0].clientName=AZURE
>> > cas.authn.pac4j.oidc[0].discoveryUri=https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
>> > cas.authn.pac4j.oidc[0].scope=openid email profile phone
>> > cas.authn.pac4j.oidc[0].azureTenantId=<directory-id>
>> >
>> > No idea if those scopes are right.
>> >
>> > Getting:
>> >
>> > 2019-03-29 15:53:33,486 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/clientredirect] due to exception [java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String]>
>> > org.pac4j.core.exception.TechnicalException: java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String
>> >     at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.buildAuthenticationRequestUrl(OidcRedirectActionBuilder.java:113) ~[pac4j-oidc-3.6.1.jar:?]
>> >     at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.redirect(OidcRedirectActionBuilder.java:78) ~[pac4j-oidc-3.6.1.jar:?]
>> >     at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:109) ~[pac4j-core-3.6.1.jar:?]
>> >
>> > Caused by: java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String
>> >     at com.nimbusds.oauth2.sdk.AuthorizationRequest.parse(AuthorizationRequest.java:972) ~[oauth2-oidc-sdk-5.62.jar:5.62]
>> >     at com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(AuthenticationRequest.java:1374) ~[oauth2-oidc-sdk-5.62.jar:5.62]
>> >     at com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(AuthenticationRequest.java:1340) ~[oauth2-oidc-sdk-5.62.jar:5.62]
>> >     at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.buildAuthenticationRequestUrl(OidcRedirectActionBuilder.java:110) ~[pac4j-oidc-3.6.1.jar:?]
>> >     ... 98 more
>> >
>> > Any suggestions would be helpful, because I'm having difficulty pulling off the right search to find the right set of documentation at MS.
>> >
>> > Thanks,
>> >
>> > Richard
>> >
>>
>> --
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
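The CSRF check behind the "State parameter is different from the one sent in authentication request" error, modelled as an added example (not CAS or pac4j code): the login leg stores a random state in the browser session, and the callback leg compares the state on the request with the session copy. It assumes constructed names for the session cookie and session attribute, and reproduces the symptom from the thread: the state is present on the callback request but the callback reaches a session that never stored it.

```python
import hmac
import secrets

# Constructed example: models how an OIDC indirect client binds the `state`
# parameter to the browser session. Names below are assumptions, not CAS's own.
STATE_KEY = "oidc.state"   # assumed session attribute holding the stored state
COOKIE = "JSESSIONID"      # assumed session cookie name


class SessionStore:
    """In-memory session store keyed by the session cookie value."""

    def __init__(self):
        self._sessions = {}

    def get_or_create(self, cookies):
        sid = cookies.get(COOKIE)
        if sid is None or sid not in self._sessions:
            sid = secrets.token_hex(16)      # no usable cookie: brand-new session
            self._sessions[sid] = {}
        return sid, self._sessions[sid]


def start_login(store, cookies):
    """Login leg: mint a random state, keep it in the session, return (sid, state)."""
    sid, session = store.get_or_create(cookies)
    state = secrets.token_urlsafe(32)
    session[STATE_KEY] = state
    return sid, state


def handle_callback(store, cookies, query):
    """Callback leg: the request state must equal the one stored for this session."""
    _, session = store.get_or_create(cookies)
    expected = session.pop(STATE_KEY, None)   # one-time use: consumed on first check
    received = query.get("state")
    if expected is None:
        return "session-state-missing"        # expired/new session or cookie not sent
    if received is None:
        return "request-state-missing"
    if not hmac.compare_digest(expected, received):
        return "state-mismatch"
    return "ok"


def demo():
    store = SessionStore()
    sid, state = start_login(store, {})
    ok = handle_callback(store, {COOKIE: sid}, {"state": state})       # same cookie both legs
    _, state2 = start_login(store, {})
    lost = handle_callback(store, {}, {"state": state2})               # callback without cookie
    replay = handle_callback(store, {COOKIE: sid}, {"state": state})   # state already consumed
    return ok, lost, replay
```

The "callback without cookie" case is the thread's symptom: the state is on the request while the session copy is null, so the session cookie's scope (host, path, SameSite) and the exact callback URL are the first things to compare against the URL that started the login.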
