Hello,

I have a working CAS server 5.3 with OAuth2.0 authentication enabled.
Now I'm trying to upgrade my server to version 6.1.
I get a strange error in applications that are connected to the CAS server with
OAuth.
When an application wants to get an accessToken with the POST method, the request is denied
by CAS and CAS redirects the application to the login page, but with the GET method
accessToken works fine.
I'm sure it is not an Apache problem.
Is there any new feature or protection that causes this problem?

Thanks

Application server: 192.168.1.163
Client: 192.168.1.151

Apache Log:
192.168.1.163 - - [05/May/2020:15:08:51 +0430] "POST /cas/oauth2.0/accessToken HTTP/1.1" 403 145

CAS log:
=============================================================
WHO: myusername
WHAT: Supplied credentials:
[UsernamePasswordCredential(username=myusername, source=null,
customFields={})]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue May 05 15:08:47 IRDT 2020
CLIENT IP ADDRESS: 192.168.1.151
SERVER IP ADDRESS: unknown
=============================================================

2020-05-05 15:08:47,512 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: myusername
WHAT: [result=Service Access
Granted,service=https://casserver.com/cas/oauth2....,principal=SimplePrincipal(id=myusername,
attributes={.....}),requiredAttributes={}]
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 05 15:08:47 IRDT 2020
CLIENT IP ADDRESS: 192.168.1.151
SERVER IP ADDRESS: unknown
=============================================================

2020-05-05 15:08:47,594 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: myusername
WHAT: [result=Service Access Granted,service=http://192.168.1.151
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 05 15:08:47 IRDT 2020
CLIENT IP ADDRESS: 192.168.1.151
SERVER IP ADDRESS: unknown
=============================================================

2020-05-05 15:08:47,626 INFO
[org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service
ticket [ST-3-JL5BKkQx6oLTknKEjqhAyNnED58-webauth-node2] for service
[http://192.168.1.151] and principal [myusername]>
2020-05-05 15:08:47,626 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: myusername
WHAT: ST-3-JL5BKkQx6oLTknKEjqhAyNnED58-webauth-node2 for
https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=1&redirect_uri=http%3A%2F%2F192.168.1.151&response_ty...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue May 05 15:08:47 IRDT 2020
CLIENT IP ADDRESS: 192.168.1.151
SERVER IP ADDRESS: unknown
=============================================================

###############
############### This is where access denied occurs:
###############
2020-05-05 15:08:51,021 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue May 05 15:08:51 IRDT
2020,source=RankedMultifactorAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue May 05 15:08:51 IRDT 2020
CLIENT IP ADDRESS: 192.168.1.163
SERVER IP ADDRESS: unknown
=============================================================
