Hi,
I am unsure if this is related to the Pac4j Azure AD redirect issue <https://groups.google.com/a/apereo.org/g/cas-user/c/xXYmX2f7rg0> or even if it's a CAS issue, but I thought I would start here.

I patched the above issue locally to prevent the tenant from going missing so that I could continue testing, but hit another error in "org.pac4j.oidc.credentials.authenticator.OidcAuthenticator". When using "cas.authn.pac4j.oidc[0].azure" it fails with the following error:

Token response: status=401, content={"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: 2de9a836-b6a8-4ce9-bca2-a88862983800\r\nCorrelation ID: 9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9\r\nTimestamp: 2023-02-20 04:58:34Z","error_codes":[7000218],"timestamp":"2023-02-20 04:58:34Z","trace_id":"2de9a836-b6a8-4ce9-bca2-a88862983800","correlation_id":"9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9","error_uri":"https://login.microsoftonline.com/error?code=7000218","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"b6a5a1ff-b5f3-4f73-b5c7-91b62aba058b\"]}}}"

If I change over to "cas.authn.pac4j.oidc[0].generic", remove the "cas.authn.pac4j.oidc[0].azure.tenant" as that is Azure specific, and correctly set the discoverUri to what it should be, I get the following:

Token response: status=200, <CONTENT REMOVED>

Regards,
Colin