I double checked that I didn’t have an errant file somewhere that would override the config. I un jared the cas.war file and grepped for cas.example.org JIC. All settings are loaded from the location below. CAS is running with embedded tomcat and is started by systemd. # The configuration directory where CAS should monitor to locate settings. spring.cloud.config.server.native.searchLocations=file:///etc/cas/config
/bin/java --add-modules java.se --add-exports java.base/jdk.internal.ref=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.nio=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.management/sun.management=ALL-UNNAMED --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED -Dhttp.proxySet=true -Dhttps.proxySet=true -Dhttp.proxyHost=proxysvc-501.wichita.edu -Dhttps.proxyHost=proxysvc-501.wichita.edu -Dhttp.proxyPort=8080 -Dhttps.proxyPort=8080 -Djava.util.logging.config.file=/etc/cas/config/logging.properties -jar /data/cas/bin/cas.war Thanks Again, Erik Mallory Server Analyst Wichita State University 316.978.3502 From: <[email protected]> on behalf of Misagh Moayyed <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Wednesday, August 28, 2019 at 3:35 AM To: CAS Community <[email protected]> Subject: Re: [cas-user] CAS 6.1-RC4 OIDC configuration Are you certain your configuration values are not overridden by something else? On Aug 28, 2019, at 1:30 AM, 'Mallory, Erik' via CAS Community <[email protected]<mailto:[email protected]>> wrote: Yes. # OpenID Authentication cas.authn.oidc.issuer=http://cas-dev.wichita.edu/cas/oidc # Skew ID tokens in minutes cas.authn.oidc.skew=5 cas.authn.oidc.jwksFile=file:/etc/cas/config/keystore.jwks cas.authn.oidc.jwksCacheInMinutes=60 #cas.authn.oidc.dynamicClientRegistrationMode=OPEN|PROTECTED cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED cas.authn.oidc.subjectTypes=public,pairwise Erik Mallory Server Analyst Wichita State University 316.978.3502 From: <[email protected]<mailto:[email protected]>> on behalf of Misagh Moayyed <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Tuesday, August 27, 2019 at 2:59 AM To: CAS Community <[email protected]<mailto:[email protected]>> Subject: Re: [cas-user] CAS 6.1-RC4 OIDC configuration Have you defined an issuer? https://apereo.github.io/cas/development/configuration/Configuration-Properties.html#openid-connect On Aug 27, 2019, at 2:23 AM, 'Mallory, Erik' via CAS Community <[email protected]<mailto:[email protected]>> wrote: Hello, I'm trying to configure oAuth/OIDC and I'm running into a head scratcher. The CAS oidc/.well-known endpoint returns cas.example.org:8443<http://cas.example.org:8443/> for all of the related endpoints. Example: {"issuer":"http://cas-dev.wichita.edu/cas/oidc","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","token","id_token token"],"subject_types_supported":["public","pairwise"],"claim_types_supported":["normal"],"claims_supported":["sub","name","preferred_username","family_name","given_name","middle_name","given_name","profile","picture","nickname","website","zoneinfo","locale","updated_at","birthdate","email","email_verified","phone_number","phone_number_verified","address","gender"],"grant_types_supported":["authorization_code","password","client_credentials","refresh_token"],"id_token_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"introspection_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"claims_parameter_supported":true,"request_parameter_supported":false,"authorization_endpoint":"https://cas.example.org:8443/cas/oidc/authorize","token_endpoint":"https://cas.example.org:8443/cas/oidc/accessToken","userinfo_endpoint":"https://cas.example.org:8443/cas/oidc/profile","registration_endpoint":"https://cas.example.org:8443/cas/oidc/register","end_session_endpoint":"https://cas.example.org:8443/cas/oidc/logout","introspection_endpoint":"https://cas.example.org:8443/cas/oidc/introspect","revocation_endpoint":"https://cas.example.org:8443/cas/oidc/revoke","jwks_uri":"https://cas.example.org:8443/cas/oidc/jwks"} I thought this value was controlled by the cas.server.name property. But I guess it's elsewhere? server.context-path=/cas server.port=443 cas.server.name=https://cas-dev.wichita.edu<https://cas-dev.wichita.edu/> cas.server.prefix=https://cas-dev.wichita.edu/cas cas.host.name=cas-dev.wichita.edu<http://cas-dev.wichita.edu/> Hopefully someone can shine a light on this for me. Thanks, Erik Mallory Server Analyst Wichita State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B7E953C-586C-41E3-BB3A-73A53D433AB0%40wichita.edu. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/375F9DAF-027B-4CE0-A5F3-AE84255B3C99%40gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/375F9DAF-027B-4CE0-A5F3-AE84255B3C99%40gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/E63C583B-638A-4E54-A7C4-BC772DF53CB2%40wichita.edu<https://groups.google.com/a/apereo.org/d/msgid/cas-user/E63C583B-638A-4E54-A7C4-BC772DF53CB2%40wichita.edu?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/DF7A72D8-CDF2-4BDA-B302-8A9E5A1A9E48%40gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/DF7A72D8-CDF2-4BDA-B302-8A9E5A1A9E48%40gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1FA38A82-12AA-4D92-BE6F-25755490942A%40wichita.edu.
