Hi Jeremiah,
My Service Config:
{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "[CLIENT_ID]",
  "clientSecret": "[CLIENT_SECRET]",
  "serviceId" : "https://127.0.0.1/jamfconnect",
  "name" : "Mac User Login",
  "id" : 1,
  "attributeReleasePolicy" : {
    "@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",
    "allowedAttributes": {
      "@class": "java.util.TreeMap",
      "displayName": "Realname",
      "mail": "email",
      "cn": "name",
      "sn": "family_name",
      "sn": "familyName",
      "givenName": "given_name"
    }
  },
  "jwtAccessToken": true,
  "signIdToken": false,
  "encryptIdToken": false,
  "signAccessToken": false,
  "encryptAccessToken": false,
  "evaluationOrder": 1,
  "bypassApprovalPrompt": true,
  "supportedGrantTypes": [ "java.util.HashSet", [ "password", "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code", "token", "id_token" ] ]
}
I think on the Jamf side we are using the Azure AD and not generic option:
https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Azure_AD_Integration.html
That was the trick to not getting prompted.
If you use SSO though it breaks that, and they will still get prompted. It's a
bug since it tries to capture the content of the last password box to use as
the user password for the user. They are aware.
Thank you,
Matt
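
Added example, not part of Matt's message or of the CAS project: a small Python check for a service definition like the one posted above. It flags repeated keys (the posted allowedAttributes map lists "sn" twice, so only one of the two mappings can survive parsing into a map) and the token-signing and grant-type settings a reviewer would want to confirm. It assumes the file is strict JSON; lint_service and SAMPLE are names made up for this example.

```python
import json

# Constructed sample: a trimmed copy of the service definition posted above,
# keeping the placeholder client id from the message.
SAMPLE = '''{
  "@class": "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "[CLIENT_ID]",
  "attributeReleasePolicy": {
    "allowedAttributes": {
      "@class": "java.util.TreeMap",
      "sn": "family_name",
      "sn": "familyName",
      "givenName": "given_name"
    }
  },
  "signIdToken": false,
  "encryptIdToken": false,
  "supportedGrantTypes": ["java.util.HashSet", ["password", "authorization_code"]]
}'''


def lint_service(text):
    """Return review findings for a strict-JSON service definition."""
    findings = []

    def pairs_hook(pairs):
        # Called once per JSON object with its (key, value) pairs in file order,
        # so repeated keys are still visible here before they collapse.
        seen = {}
        for key, value in pairs:
            if key in seen:
                findings.append(
                    f"duplicate key {key!r}: {seen[key]!r} is replaced by {value!r}")
            seen[key] = value
        return seen

    svc = json.loads(text, object_pairs_hook=pairs_hook)
    if svc.get("signIdToken") is False:
        findings.append("signIdToken is false: ID token signing is turned off")
    # Collections are written as [ "java.util.HashSet", [ ...values... ] ].
    grants = svc.get("supportedGrantTypes", [None, []])[1]
    if "password" in grants:
        findings.append("password grant enabled: the client handles user passwords")
    return findings


if __name__ == "__main__":
    for finding in lint_service(SAMPLE):
        print("-", finding)
```
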
-----Original Message-----
From: Jeremiah Garmatter <[email protected]>
To: CAS Community <[email protected]>
Cc: [email protected]
Subject: Re: JAMF OIDC
Date: 06/21/2023 02:13:58 PM
Hi Matt,
I am looking to configure Jamf Connect with my CAS instance. I currently have
the OIDC portion working with CAS but the ROPG returns a CAS 500 internal
server error related to an "InvalidTicketException: null" error.
Did you run into anything like this when configuring CAS with JAMF Connect? The
error only happens on Resource Owner Password Grants.
Also, did you find a way to prevent users having to log in twice?
On Wednesday, May 25, 2022 at 5:08:17 PM UTC-4 [email protected] wrote:
I was able to get JAMF SSO working with OIDC, but the OIDCUsePassthroughAuth
portion of JAMF isn't working. I was wondering if anyone used JAMF with CAS and
didn't require the users to log in twice?
Thank you,
Matt