This is a pac4j issue and has been raised with pac4j as https://groups.google.com/g/pac4j-dev/c/k8Dj3ihjtMU
On Monday, 20 February 2023 at 17:05:47 UTC+11 Colin Wilkinson wrote: > Hi, > > > I am unsure if this related to Pac4j Azure Ad redirect issue > <https://groups.google.com/a/apereo.org/g/cas-user/c/xXYmX2f7rg0> or even > if its a a CAS issue, but I thought I would start here. > > I patched the above issue locally to prevent the tenant from going missing > so that I could continure on testing bit hit another error in > "org.pac4j.oidc.credentials.authenticator.OidcAuthenticator". > > When using the "cas.authn.pac4j.oidc[0].azure" it fails with the following > error > > Token response: status=401, > content={"error":"invalid_client","error_description":"AADSTS7000218: The > request body must contain the following parameter: 'client_assertion' or > 'client_secret'.\r\nTrace ID: > 2de9a836-b6a8-4ce9-bca2-a88862983800\r\nCorrelation ID: > 9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9\r\nTimestamp: 2023-02-20 > 04:58:34Z","error_codes":[7000218],"timestamp":"2023-02-20 > 04:58:34Z","trace_id":"2de9a836-b6a8-4ce9-bca2-a88862983800","correlation_id":"9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9","error_uri":" > https://login.microsoftonline.com/error?code=7000218 > ","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"b6a5a1ff-b5f3-4f73-b5c7-91b62aba058b\"]}}}" > > If I can over to "cas.authn.pac4j.oidc[0].generic" remove the > "cas.authn.pac4j.oidc[0].azure.tenant" as that is azure specific and > correct set the discoverUri to what it should be and get the following, > > Token response: status=200, <CONTENT REMOVED> > > Regards, > Colin > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/8f185a89-c5e7-4908-ac12-053c05f00e38n%40apereo.org.
