Hello, I'm trying to test a POC with *CAS Delegated Authentication* (*PAC4J*).

The target authentication flow is the following:

1. Client requests access to the SP (SAML client)
2. SP redirects to my CAS server (SAML IdP)
3. CAS IdP displays the authentication methods (menu)
4. User selects oidcClient
5. The OIDC IdP displays the login page
6. The authentication is accepted
7. SP displays the secured resource

There is no problem on steps 1 to 6. The 7th step doesn't work and CAS displays an error message (translated): "Application not authorized to use CAS... may be not registered application..".

The error message on the server is:

    ERROR [org.apereo.cas.web.flow.DefaultDelegatedClientAuthenticationWebflowManager] - <Delegated client identifier cannot be located in the authentication request [http://localhost:8447/cas/login?code=kgh33f0wEwwRVIr-wS14uKjOFiJQGIv3oU_me-AKnEYZG&state=589160ah66&client_name=oidcFederation]>
    ERROR [org.apereo.cas.web.flow.actions.DelegatedClientAuthenticationAction] - <
        DefaultDelegatedClientAuthenticationWebflowManager.java:retrieveSessionTicketViaClientId:236
        DefaultDelegatedClientAuthenticationWebflowManager.java:retrieve:84
        DelegatedClientAuthenticationAction.java:restoreAuthenticationRequestInContext:285
    >

The configuration is as follows:

    cas.authn.pac4j.oidc[0].generic.type=GENERIC
    cas.authn.pac4j.oidc[0].generic.useNonce=true
    cas.authn.pac4j.oidc[0].generic.disable-pkce=true
    cas.authn.pac4j.oidc[0].generic.scope=openid profile email
    cas.authn.pac4j.oidc[0].generic.discovery-uri=https://{url}/.well-known/openid-configuration
    cas.authn.pac4j.oidc[0].generic.id={id}
    cas.authn.pac4j.oidc[0].generic.secret={secret}
    cas.authn.pac4j.oidc[0].generic.client-name=oidcFederation
    cas.authn.pac4j.oidc[0].generic.principal-id-attribute=email
    cas.authn.pac4j.oidc[0].generic.preferred-jws-algorithm=RS256
    cas.authn.pac4j.oidc[0].generic.client-authentication-method=client_secret_basic
    cas.authn.pac4j.oidc[0].generic.supported-client-authentication-methods=client_secret_basic,client_secret_post

The SAML client is declared as follows:

    {
      "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
      "serviceId" : "Example1",
      "name" : "example1",
      "theme" : "apereo",
      "id" : 10000322,
      "description" : "example1",
      "evaluationOrder" : 8,
      "metadataLocation" : "/etc/config/cas/clients/example1/metadata/example1_metadata.xml"
    }

In the log I can see:

    ACTION: DELEGATED_CLIENT_SUCCESS

but after that it displays:

    ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED

When debugging, the delegatedclientid request parameter is empty. Is it related to a misconfiguration? Can anyone share a working configuration sample?

Thank you. Best regards

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALmwvca7rAVUUqSjJKx%2BO-Rs-SVjJUKDBxZ%2BZ7OvkfTUaD7aaw%40mail.gmail.com.
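The server error above says the delegated client identifier could not be located in the callback request, even though the logged URL carries `client_name=oidcFederation`. The following diagnostic is an added example written for this thread, not CAS or pac4j code, and it does not reproduce how CAS resolves the client internally. It only checks the two things a defender wants to see on an OIDC callback before trusting it: that the callback names a client that is actually configured (read here from the `cas.authn.pac4j.*.client-name` properties quoted in the post, with a constructed subset of that file), and that the `state` value matches what the server stored when it issued the authorization request (the stored value is a constructed sample here; the property-key pattern and the parameter name `client_name` are assumptions drawn from the post).

```python
"""Diagnostic for a delegated OIDC callback URL.

Added example for this thread; not CAS or pac4j code. Assumptions:
- configured client names live in properties matching
  cas.authn.pac4j.<type>[N].(generic.)client-name=<name>
- the expected `state` is whatever the server stored for this login;
  EXPECTED_STATE below is a constructed sample taken from the logged URL.
"""
from __future__ import annotations

import hmac
import re
from urllib.parse import parse_qs, urlparse

# Constructed subset of the properties quoted in the post.
SAMPLE_PROPERTIES = """\
cas.authn.pac4j.oidc[0].generic.type=GENERIC
cas.authn.pac4j.oidc[0].generic.useNonce=true
cas.authn.pac4j.oidc[0].generic.client-name=oidcFederation
cas.authn.pac4j.oidc[0].generic.principal-id-attribute=email
"""

# Callback URL exactly as it appears in the server log in the post.
LOGGED_CALLBACK = (
    "http://localhost:8447/cas/login"
    "?code=kgh33f0wEwwRVIr-wS14uKjOFiJQGIv3oU_me-AKnEYZG"
    "&state=589160ah66&client_name=oidcFederation"
)

# Constructed: the state the server would have stored when redirecting to the IdP.
EXPECTED_STATE = "589160ah66"

# Assumed key shape: cas.authn.pac4j.<type>[N].(generic.)client-name=<name>
CLIENT_NAME_RE = re.compile(
    r"^cas\.authn\.pac4j\.[\w\-]+\[\d+\]\.(?:generic\.)?client-name=(.+)$"
)


def configured_client_names(properties: str) -> set[str]:
    """Collect every delegated client name declared in a CAS properties file."""
    names: set[str] = set()
    for line in properties.splitlines():
        match = CLIENT_NAME_RE.match(line.strip())
        if match:
            names.add(match.group(1).strip())
    return names


def check_callback(url: str, properties: str, expected_state: str) -> dict:
    """Return the callback's client name, state and a list of problems found.

    A callback with an empty problem list carries a configured client name,
    an authorization code and a state equal to the stored value.
    """
    query = parse_qs(urlparse(url).query)
    client = query.get("client_name", [""])[0]
    state = query.get("state", [""])[0]
    code = query.get("code", [""])[0]
    names = configured_client_names(properties)

    problems: list[str] = []
    if not client:
        problems.append("callback carries no client_name parameter")
    elif client not in names:
        problems.append(
            f"client_name {client!r} is not a configured client-name {sorted(names)}"
        )
    if not state:
        problems.append("callback carries no state parameter")
    elif not hmac.compare_digest(state, expected_state):
        # Constant-time compare: state is a secret binding the callback to the login.
        problems.append("state does not match the value stored for this login")
    if not code:
        problems.append("callback carries no authorization code")

    return {
        "client_name": client,
        "state": state,
        "has_code": bool(code),
        "problems": problems,
    }


if __name__ == "__main__":
    result = check_callback(LOGGED_CALLBACK, SAMPLE_PROPERTIES, EXPECTED_STATE)
    print(result)
```

Run against the logged URL the check passes, which is consistent with the post: the client name is present and matches the configuration, so the failure to locate the client identifier is not explained by the URL itself and has to be looked for in how the session ticket is keyed on the server side (the `retrieveSessionTicketViaClientId` frame in the stack trace). Dropping `client_name` from the URL, or replaying it with a different stored `state`, makes the check report a problem, which is the behaviour a callback endpoint should enforce.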
