We are also seeing the same issue in 6.4.4.2. Were you able to solve this 
issue?

On Wednesday, 25 August 2021 at 03:50:43 UTC-6 Guillaume EGRON wrote:

> Hi,
> building a cas overlay using cas initializr
>
> {"version":"6.4.0","bootVersion":"2.5.4","sync":true,"branch":"6.4","type":"cas"}
>
> Added OIDC support and tested it with the sample client application found in 
> the documentation 
> https://apereo.github.io/cas/6.4.x/authentication/OIDC-Authentication.html#sample-client-applications
>
> CAS is deployed inside Apache Tomcat external container.
>
> Configuration in cas.properties file :
> cas.server.name=https://<domain>
> cas.server.prefix=${cas.server.name}/cas
> cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/
>
> https://<domain>/cas/oidc/.well-known redirects to a 404 error page
>
> Client app redirects to CAS login page successfully, after submitting 
> login and password, CAS redirects to Application Not Authorized to Use CAS.
> In the log file, found this message 
> : [org.apereo.cas.oidc.util.OidcRequestSupport] - <Issuer 
> [https://<domain>/cas/oidc] defined in CAS configuration does not match the 
> request issuer [http://<domain>/cas/oidc/authorize]>
>
> Note that the request issuer is in http (not https) and ends with the 
> /authorize endpoint
>
> Fix the cas.properties as follows
> cas.authn.oidc.core.issuer=http://<domain>/cas/oidc/authorize
>
> Restart CAS
>
> Client app redirects to CAS login page with error 
> java.lang.IllegalArgumentException: Unable to locate authentication profile
> at org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController.lambda$redirectToCallbackRedirectUrl$0(OAuth20AuthorizeEndpointController.java:164)
> at java.base/java.util.Optional.orElseThrow(Optional.java:408)
> at org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController.redirectToCallbackRedirectUrl(OAuth20AuthorizeEndpointController.java:164)
> at org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController.handleRequest(OAuth20AuthorizeEndpointController.java:87)
> at org.apereo.cas.oidc.web.controllers.authorize.OidcAuthorizeEndpointController.handleRequest(OidcAuthorizeEndpointController.java:49)
>
> Downgrade CAS to CAS 6.4.0-RC6
> Configuration in cas.properties file :
> cas.server.name=https://<domain>
> cas.server.prefix=${cas.server.name}/cas
> cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/
>
> https://<domain>/cas/oidc/.well-known redirects to a 404 error page
>
> Property cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/ leads to 
> [org.apereo.cas.oidc.util.OidcRequestSupport] - <Issuer 
> [https://<domain>/cas/oidc] defined in CAS configuration does not match the 
> request issuer [http://<domain>/cas/oidc/authorize]>
>
> Fix the cas.properties as follows
> cas.authn.oidc.core.issuer=http://<domain>/cas/oidc/authorize
>
> Restart CAS
>
> Client app redirects to CAS login page successfully, after submitting 
> login and password, CAS redirects to Claims authorization page. Submit it
> Browser redirects to 
> https://<client_app_domain>:9443/simple-web-app/openid_connect_login?code=OC-x-xxxx&state=zzz&nonce=yy
> and displays "HTTP ERROR 401 Authentication Failed: Unable to obtain Access 
> Token: 404"
>
> Downgrade CAS to CAS 6.4.0-RC5
> Configuration in cas.properties file :
> cas.server.name=https://<domain>
> cas.server.prefix=${cas.server.name}/cas
> cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/
>
> https://<domain>/cas/oidc/.well-known redirects successfully 
>
> Client app redirects to CAS login page successfully, after submitting 
> login and password, CAS redirects to Claims authorization page. Submit it
> Client app displays ID Token and User Info
>
> Did I miss some configurations inside cas.properties starting from CAS 
> 6.4.0 RC6 ?
> Or is there a bug here ?
>
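
The comparison made by eye on the OidcRequestSupport message above, as an added example that is not part of the original post and not CAS code: it pulls both URLs out of the log message and reports which URL components differ. The sample line is constructed, and example.org is an assumed stand-in for the redacted <domain>.

```python
import re
from urllib.parse import urlsplit

# Constructed sample line, modelled on the message quoted in the thread
# (example.org stands in for the redacted <domain>).
SAMPLE_LOG = (
    "WARN [org.apereo.cas.oidc.util.OidcRequestSupport] - <Issuer "
    "[https://example.org/cas/oidc] defined in CAS configuration does not "
    "match the request issuer [http://example.org/cas/oidc/authorize]>"
)

# Matches the wording of the mismatch message shown in the thread.
MISMATCH = re.compile(
    r"Issuer \[(?P<configured>[^\]]+)\] defined in CAS configuration "
    r"does not match the request issuer \[(?P<request>[^\]]+)\]"
)


def _parts(url):
    """Split a URL into the components compared below."""
    u = urlsplit(url)
    # hostname is already lower-cased; a trailing slash is not significant here.
    return u.scheme, u.hostname or "", u.port, u.path.rstrip("/")


def diff_issuers(configured, request):
    """Return (component, configured_value, request_value) for each difference."""
    names = ("scheme", "host", "port", "path")
    pairs = zip(names, _parts(configured), _parts(request))
    return [(n, cv, rv) for n, cv, rv in pairs if cv != rv]


def analyze(log_text):
    """Diff the two URLs of every issuer-mismatch message found in log_text."""
    # Collapse whitespace so a message wrapped across lines still matches.
    flat = " ".join(log_text.split())
    return [diff_issuers(m["configured"], m["request"])
            for m in MISMATCH.finditer(flat)]


if __name__ == "__main__":
    for diffs in analyze(SAMPLE_LOG):
        for name, cfg, req in diffs:
            print(f"{name}: configured={cfg!r} request={req!r}")
```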
