I got the login button working. The original overlay works as is as soon as I set the pac4j configuration.
On Tuesday, August 27, 2024 at 1:10:29 AM UTC-4 Doe wrote:
> Pablo,
>
> I am currently doing what you did. Per your first posting, you were able to display the button for delegated login.
>
> Did you modify the login page to add the button? If so, can you share the HREF for the button? Or click event URL?
>
> Best,
> Doe
>
> On Friday, January 5, 2024 at 1:00:48 AM UTC-5 Pablo Vidaurri wrote:
>> To close on this issue. I found it was related to having two TGC cookies. Stumbling across this post <https://groups.google.com/u/1/a/apereo.org/g/cas-user/c/xsc-_CTMjvA>, I see the same use case being an issue since 2021. I have users either login into CAS login page directly which authenticates against LDAP or the user clicks on a delegated login button (out of the box function via config) which redirects them to Azure AD for authentication. It is when the user clicks on the Azure AD button that I get two TGC and no session gets created on the browser.
>>
>> I've worked around this for now by commenting out this line from InitialFlowSetupAction.java configureWebflowForTicketGrantingTicket method:
>> clearTicketGrantingCookieFromContext(context, null);
>>
>> -psv
>>
>> On Tuesday, January 2, 2024 at 8:33:58 PM UTC-6 Pablo Vidaurri wrote:
>>> It looks like TGC is getting clobbered.
>>>
>>> On redirect back to CAS with id_token:
>>> https://mydomain.com/cas/login?id_token=<REMOVED>&state=bfed6b9641&session_state=<REMOVE>&client_name=AzureAdClient
>>>
>>> I'm getting two TGC cookie values:
>>> TGC=<REMOVED>; Path=/cas; SameSite=None; Secure; HttpOnly
>>> LANGUAGE_OPTION=en; path=/; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT
>>> TGC=""; Version=1; Path=/cas; Secure; HttpOnly; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Comment="CAS Cookie"
>>>
>>> This is out of the box CAS v 6.6.14.
>>>
>>> -psv
>>>
>>> On Tuesday, January 2, 2024 at 10:31:58 AM UTC-6 Pablo Vidaurri wrote:
>>>> Hello, still struggling with getting Azure AD setup. Tried with both CAS 6.6.8 and 6.6.12.
>>>>
>>>> - I am able to display the button for delegated login
>>>> - I get redirected to Azure when clicked
>>>> - I am able to login with my AD credentials
>>>> - I get redirected to my app with id_token query param which contains jwt of my user attributes
>>>> - I can verify the id_token value using jwt.ms to view the decoded token.
>>>> - I am able to see default casGenericSuccessView.html page with principal and user attributes from AD
>>>> - But it does not look like a session is actually created. https://mydomain.com/security/actuator/sso returns a 400
>>>>
>>>> This is not a problem when I use ldap to authenticate.
>>>>
>>>> In my db, I see TransientSessionTicket and TicketGrantingTicket records being created.
>>>>
>>>> I have the following config:
>>>>
>>>> cas.authn.pac4j.oidc[0].azure.discovery-uri=https://login.microsoftonline.com/<hidden>/v2.0/.well-known/openid-configuration
>>>> cas.authn.pac4j.oidc[0].azure.id=<hidden>
>>>> cas.authn.pac4j.oidc[0].azure.secret=<hidden>
>>>> cas.authn.pac4j.oidc[0].azure.tenant=<hidden>
>>>> cas.authn.pac4j.oidc[0].azure.mapped-claims.Email=upn
>>>>
>>>> cas.authn.pac4j.oidc[0].azure.enabled=true
>>>> cas.authn.pac4j.oidc[0].azure.client-name=AzureAdClient
>>>> cas.authn.pac4j.oidc[0].azure.display-name=Azure AD
>>>> cas.authn.pac4j.oidc[0].azure.auto-redirect-type=NONE
>>>> cas.authn.pac4j.oidc[0].azure.callback-url-type=PATH_PARAMETER
>>>> cas.authn.pac4j.oidc[0].azure.logout-url=https://login.microsoftonline.com/common/oauth2/logout
>>>> cas.authn.pac4j.oidc[0].azure.use-nonce=true
>>>>
>>>> cas.authn.pac4j.oidc[0].azure.principal-attribute-id=userId
>>>> cas.authn.pac4j.oidc[0].azure.response-mode=form_post
>>>> cas.authn.pac4j.oidc[0].azure.response-type=id_token
>>>> cas.authn.pac4j.oidc[0].azure.scope=openid,profile,email
>>>>
>>>> Any insight would be appreciated.
>>>> -psv

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/06c53724-8828-49a9-ac0e-df56e8920663n%40apereo.org.
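The symptom in the quoted thread (one response that sets TGC and then clears it with a second Set-Cookie for the same name and path) can be checked mechanically from the response headers. The following is an added example, not code from CAS, pac4j or the thread; it assumes the Set-Cookie headers of the callback response have been captured (browser network tab or a proxy) and uses a constructed list modelled on the quoted headers, with REMOVED as a placeholder for the real ticket value.

```python
"""Detect a CAS ticket-granting cookie (TGC) that one HTTP response sets and then
clears again. Added diagnostic, not CAS or pac4j code. Browsers apply Set-Cookie
headers in order, so a trailing Max-Age=0 header for the same name and path wins
and no browser SSO session survives, even though a TGT exists in the registry."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed from the headers quoted in the thread; "REMOVED" stands in for the real TGC.
SAMPLE_HEADERS = [
    "TGC=REMOVED; Path=/cas; SameSite=None; Secure; HttpOnly",
    "LANGUAGE_OPTION=en; path=/; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT",
    'TGC=""; Version=1; Path=/cas; Secure; HttpOnly; Max-Age=0; '
    'Expires=Thu, 01-Jan-1970 00:00:00 GMT; Comment="CAS Cookie"',
]

def parse_set_cookie(header):
    """Return (name, value, attrs) for one Set-Cookie header; attribute names lower-cased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().strip('"')
    return name.strip(), value.strip().strip('"'), attrs

def is_clearing(attrs, now=None):
    """True if these attributes delete the cookie: Max-Age <= 0 or Expires in the past."""
    max_age = attrs.get("max-age", "")
    if max_age.lstrip("-").isdigit() and int(max_age) <= 0:
        return True
    try:
        when = parsedate_to_datetime(attrs.get("expires", ""))
    except (TypeError, ValueError):  # no or unparseable Expires: not a deletion
        return False
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= (now or datetime.now(timezone.utc))

def find_clobbered(headers, name="TGC"):
    """Return [(path, value)] for `name` cookies that a later header on the same path clears."""
    cookies = [parse_set_cookie(h) for h in headers]
    hits = []
    for i, (n, value, attrs) in enumerate(cookies):
        if n != name or is_clearing(attrs):
            continue
        path = attrs.get("path", "/")
        if any(o[0] == name and o[2].get("path", "/") == path and is_clearing(o[2])
               for o in cookies[i + 1:]):
            hits.append((path, value))
    return hits
```

On the quoted headers `find_clobbered(SAMPLE_HEADERS)` returns `[("/cas", "REMOVED")]`, i.e. the TGC on `/cas` is issued and then expired in the same response; the unrelated LANGUAGE_OPTION deletion is ignored.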
