Bartosz,

The only cas properties I have that you do not are:

cas.authn.pac4j.oidc[0].azure.discoveryUri=https://login.microsoftonline.com/[tenant id goes here]/oauth2/v2.0/
cas.authn.pac4j.oidc[0].azure.logoutUrl=https://login.microsoftonline.com/common/oauth2/logout

When I go from cas to azure, this is the link (from developer tools):

https://login.microsoftonline.com/[tenant id goes here]/oauth2/authorize?response_type=code&redirect_uri=https://local.uvic.ca/cas/login?client_name=CasAsAClient&state=TST-1-...&client_id=[client id goes here]&scope=openid profile email

In azure I added an app registration called CasAsAClient. In this application I have a web redirect url,

https://local.uvic.ca/cas/login?client_name=CasAsAClient

I do not have specific notes on the steps I took. I did read a lot of MS documentation and web tutorials.

Ray

On Thu, 2021-04-22 at 11:27 -0700, Bartosz Nitkiewicz wrote:

I want to set up Azure as default auth for all services. But it gives me this error: AADSTS900971: No reply address provided. There are no logs on the CAS server side. I think that I have misconfigured something during Azure app registration. I don't know how it should be configured. I want to delegate auth to Azure through OIDC. I've read that you have it working :)

On Thursday, 22 April 2021 at 20:18:08 UTC+2, Ray Bon wrote:

Bartosz,

After successful login on azure, cas will redirect to your intended service. Are there any error messages in the logs?

Ray

On Thu, 2021-04-22 at 10:18 -0700, Bartosz Nitkiewicz wrote:

Hi. I got stuck. I've managed to delegate auth to Azure AD. I can log in with my user and password. But after that I have AADSTS900971: No reply address provided.
I don't know how to set it up properly. My registered CAS app (Azure) is redirected to my CAS server https://example.org/cas with ID tokens and Access tokens enabled.

"cas.authn.pac4j.name": "Azure",
"cas.authn.pac4j.oidc[0].azure.autoRedirect": "true",
"cas.authn.pac4j.oidc[0].azure.clientName": "Azure",
"cas.authn.pac4j.oidc[0].azure.enabled": "true",
"cas.authn.pac4j.oidc[0].azure.id": "xxxxx",
"cas.authn.pac4j.oidc[0].azure.responseMode": "form_post",
"cas.authn.pac4j.oidc[0].azure.responseType": "id_token",
"cas.authn.pac4j.oidc[0].azure.scope": "openid",
"cas.authn.pac4j.oidc[0].azure.secret": "xxxxxx",
"cas.authn.pac4j.oidc[0].azure.tenant": "xxxxx",
"cas.authn.pac4j.oidc[0].azure.useNonce": "true",

I don't know if it is ok? Any hints?

--
Ray Bon
Programmer Analyst
Development Services, University Systems
