Hi, It should be fixed: https://github.com/pac4j/pac4j/commit/f6655ae90c753e8c8b3a632579a81feb0dfbef71 Can you test with CAS 7.0.0-RC4 and pac4j v6.0.0-RC6-SNAPSHOT (pull pac4j-core and pac4j-oidc in version 6.0.0-RC6-SNAPSHOT and exclude the same dependencies in v6.0.0-RC5). Thanks. Best regards, Jérôme
Le lundi 20 février 2023 à 07:05:47 UTC+1, wilc...@gmail.com a écrit : > Hi, > > > I am unsure if this related to Pac4j Azure Ad redirect issue > <https://groups.google.com/a/apereo.org/g/cas-user/c/xXYmX2f7rg0> or even > if its a a CAS issue, but I thought I would start here. > > I patched the above issue locally to prevent the tenant from going missing > so that I could continure on testing bit hit another error in > "org.pac4j.oidc.credentials.authenticator.OidcAuthenticator". > > When using the "cas.authn.pac4j.oidc[0].azure" it fails with the following > error > > Token response: status=401, > content={"error":"invalid_client","error_description":"AADSTS7000218: The > request body must contain the following parameter: 'client_assertion' or > 'client_secret'.\r\nTrace ID: > 2de9a836-b6a8-4ce9-bca2-a88862983800\r\nCorrelation ID: > 9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9\r\nTimestamp: 2023-02-20 > 04:58:34Z","error_codes":[7000218],"timestamp":"2023-02-20 > 04:58:34Z","trace_id":"2de9a836-b6a8-4ce9-bca2-a88862983800","correlation_id":"9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9","error_uri":" > https://login.microsoftonline.com/error?code=7000218 > ","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"b6a5a1ff-b5f3-4f73-b5c7-91b62aba058b\"]}}}" > > If I can over to "cas.authn.pac4j.oidc[0].generic" remove the > "cas.authn.pac4j.oidc[0].azure.tenant" as that is azure specific and > correct set the discoverUri to what it should be and get the following, > > Token response: status=200, <CONTENT REMOVED> > > Regards, > Colin > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5e48959d-6a4d-47be-bbf8-79bf912b5206n%40apereo.org.