Hi,
I'm simply getting:

2023-07-10 06:31:50,609 INFO [org.apereo.cas.web.CasWebApplicationReady] - <Ready to process requests @ [2023-07-10T06:31:50.562Z]>
2023-07-10 06:32:21,021 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
2023-07-10 06:33:48,750 WARN [org.apereo.cas.services.RegisteredServiceAccessStrategyUtils] - <Unauthorized Service Access. Service [41ff9715-bd3e-473c-9888-e2d5a1364c2a] is not registered in service registry.>

And no, I'm not connected. I'm reaching this page directly, and I'm always
doing these tests in a private browser session.
On Tuesday, 4 July 2023 at 20:36:08 UTC+2, Ray Bon wrote:
> Jérémie,
>
> What do the cas logs say about the authentication event (may need debug
> level)?
>
> The authorize URL comes after the authentication step. Are you logged in,
> in that browser?
>
> Ray
>
> On Tue, 2023-06-27 at 06:30 -0700, Jérémie wrote:
>
> Hi,
>
> I'm pretty new to CAS (6.6.8) and I'm trying to connect a test
> application to my CAS server using OIDC. I'm used to Okta, Auth0, etc., so
> OIDC is not new to me, just CAS configuration.
>
> My CAS is also connected to an AD to sign in.
>
> This is my CAS server configuration using the OIDC module
> (org.apereo.cas:cas-server-support-oidc):
>
> # Server
> server.port=443
>
> # SSL
> server.ssl.enabled=true
> server.ssl.key-store=file:{path}
> server.ssl.key-store-password=xxx
> server.ssl.key-password=xxx
>
> # CAS
> cas.server.name=https://URL:443
> cas.server.prefix=${cas.server.name}/cas
> cas.logout.followServiceRedirects=true
> cas.authn.accept.enabled=false
>
> # Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://localhost:389
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB
> cas.authn.ldap[0].search-filter=(sAMAccountName={user})
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=USER
> cas.authn.ldap[0].bindCredential=XXX
>
> # OIDC settings
> cas.authn.oidc.core.issuer=https://URL/cas/oidc
> cas.authn.oidc.core.skew=5
> cas.authn.oidc.jwks.file-system.jwks-file=file:C:\Program Files\Tomcat 9.0\etc\cas\config\keystore.jwks
>
> # Encryption/Signing keys
> cas.tgc.crypto.encryption.key=SN7Vpa8oHvXfh2hDZp8ANxZGRkF1DvKbYLTy_Vip2dI
>
> cas.tgc.crypto.signing.key=KwbtZl2y5sidXFMShjVm4PiGwjVQ0Fq-ZBp0A_HUK6IOnoS2h0E5cSfp7vy8uioqX04yKIBXcU0kUm6DRuPCZQ
>
> cas.webflow.crypto.signing.key=MltIqyj_vGFgZKFfw8vmoqYIYYu_KEU20AyZaAIDZl_Xjhl0ZGpPNe4h4N7-8p1_pNi-s97TQKb1-INp9VEwEA
> cas.webflow.crypto.encryption.key=3Mh_pdDFLPCMgacDL6z8SQ
>
> ---
>
> This is my /etc/config/services file :
> {
> "@class": "org.apereo.cas.services.OidcRegisteredService",
> "serviceId": "https://localhost:3000/callback", --> my app URL
> "name": "OIDC",
> "id": 1,
> "clientId": "41ff9715-bd3e-473c-9888-e2d5a1364c2a",
> "clientSecret": "SECRET",
> "bypassApprovalPrompt": true,
> "generateRefreshToken": true,
> "evaluationOrder": 10000
> }
>
> ---
>
> This is my test application config (Node.js app) :
> {
> "domain": "cas.lyvoc.com/cas/oidc",
> "clientId": "41ff9715-bd3e-473c-9888-e2d5a1364c2a"
> }
>
> This application was used for other IdPs so it won't come from this. When
> hitting login on it, this is the /authorize URL I'm getting redirected to:
> https://URL/cas/oidc/authorize?client_id=41ff9715-bd3e-473c-9888-e2d5a1364c2a&acr=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fmulti-factor&scope=openid%20profile%20email%20read%3Aall&response_type=code&response_mode=query&state=dGEwS21Ddm52WUNXc254c2ptRmNzQjBOZGNTSGlPZzZ1R1AxVldOTl9lMA%3D%3D&nonce=RUIzY1hEbWJmWDZJYjNWOWh3QVJZcjBBdVNDOGt0RVdjYVl6WEZ1R0tXYQ%3D%3D&redirect_uri=http%3A%2F%2Flocalhost%3A3000&code_challenge=2Mln96FLN8s0qylEMY9yuC7ucbKioF9cGMIYG5B4q8s&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTkuNCJ9
>
> The issue is that I'm getting redirected to a CAS page, but it says
> "Authorization Denied". I'm not getting redirected to the authentication
> page or anything like that:
> [image: firefox_u32LfLkefz.png]
>
> I'm not finding anything on the net for this.
>
> Thanks for any help !
>
>
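An added example, not part of the original messages and not CAS code: a Node.js pre-flight check that compares an /authorize URL with the fields of an OidcRegisteredService definition, using the values posted above. It assumes CAS treats `serviceId` as a regular expression that must match the whole `redirect_uri` (JavaScript regex syntax stands in for Java's here); `checkAuthorizeRequest` is a hypothetical helper, and the URL is abridged from the one in the post.

```javascript
// Service definition fields as posted (client secret omitted).
const serviceDef = {
  serviceId: 'https://localhost:3000/callback',
  clientId: '41ff9715-bd3e-473c-9888-e2d5a1364c2a',
};

// Abridged from the posted /authorize URL: acr, state, nonce, PKCE and
// auth0Client parameters dropped, the remaining values unchanged.
const authorizeUrl =
  'https://URL/cas/oidc/authorize' +
  '?client_id=41ff9715-bd3e-473c-9888-e2d5a1364c2a' +
  '&scope=openid%20profile%20email%20read%3Aall' +
  '&response_type=code' +
  '&redirect_uri=http%3A%2F%2Flocalhost%3A3000';

// Returns a list of mismatches between the request and the registration.
function checkAuthorizeRequest(url, def) {
  const q = new URL(url).searchParams; // values are percent-decoded
  const findings = [];

  const clientId = q.get('client_id');
  if (clientId !== def.clientId) {
    findings.push(`client_id ${clientId} differs from registered clientId`);
  }

  // Assumption: serviceId is a pattern anchored over the full redirect_uri.
  const redirectUri = q.get('redirect_uri') || '';
  let pattern = null;
  try {
    pattern = new RegExp(`^(?:${def.serviceId})$`);
  } catch (e) {
    findings.push(`serviceId is not a valid pattern: ${e.message}`);
  }
  if (pattern && !pattern.test(redirectUri)) {
    findings.push(
      `redirect_uri ${redirectUri} does not match serviceId ${def.serviceId}`);
  }

  const scopes = (q.get('scope') || '').split(/\s+/);
  if (!scopes.includes('openid')) findings.push('scope lacks "openid"');
  if (!q.get('response_type')) findings.push('response_type is missing');
  return findings;
}

console.log(checkAuthorizeRequest(authorizeUrl, serviceDef));
```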