Hello, still struggling with getting Azure AD set up. Tried with both CAS 6.6.8 and 6.6.12.

- I am able to display the button for delegated login
- I get redirected to Azure when clicked
- I am able to log in with my AD credentials
- I get redirected to my app with id_token query param which contains the JWT of my user attributes
- I can verify the id_token value using jwt.ms to view the decoded token.
- I am able to see the default casGenericSuccessView.html page with principal and user attributes from AD
- But it does not look like a session is actually created. https://mydomain.com/security/actuator/sso returns a 400

This is not a problem when I use LDAP to authenticate.

In my db, I see TransientSessionTicket and TicketGrantingTicket records being created.

I have the following config:

cas.authn.pac4j.oidc[0].azure.discovery-uri=https://login.microsoftonline.com/<hidden>/v2.0/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].azure.id=<hidden>
cas.authn.pac4j.oidc[0].azure.secret=<hidden>
cas.authn.pac4j.oidc[0].azure.tenant=<hidden>
cas.authn.pac4j.oidc[0].azure.mapped-claims.Email=upn
cas.authn.pac4j.oidc[0].azure.enabled=true
cas.authn.pac4j.oidc[0].azure.client-name=AzureAdClient
cas.authn.pac4j.oidc[0].azure.display-name=Azure AD
cas.authn.pac4j.oidc[0].azure.auto-redirect-type=NONE
cas.authn.pac4j.oidc[0].azure.callback-url-type=PATH_PARAMETER
cas.authn.pac4j.oidc[0].azure.logout-url=https://login.microsoftonline.com/common/oauth2/logout
cas.authn.pac4j.oidc[0].azure.use-nonce=true
cas.authn.pac4j.oidc[0].azure.principal-attribute-id=userId
cas.authn.pac4j.oidc[0].azure.response-mode=form_post
cas.authn.pac4j.oidc[0].azure.response-type=id_token
cas.authn.pac4j.oidc[0].azure.scope=openid,profile,email

Any insight would be appreciated.

-psv
