Hello,
I am using a test CAS 7.1.1 server running inside docker, using the below
settings:
info:
  description: CAS Configuration
cas:
  service-registry:
    core:
      init-from-json: true
    json:
      location: file:/etc/cas/services
  http-web-request:
    cors:
      enabled: false
  server:
    name: http://cas:cas_port
    prefix: http://cas:cas_port/cas
  authn:
    accept:
      enabled: false
    authentication-attribute-release:
      enabled: true
    attribute-repository:
      ldap[0]:
        bind-dn: cn=rouser,dc=atih,dc=sante,dc=fr
        bind-credential: ldap_rouser_password
        base-dn: ou=agents,dc=atih,dc=sante,dc=fr
        search-filter: uid={user}
        ldap-url: ldap://openldap:ldap_port
        allow-multiple-entries: true
    ldap[0]:
      bind-dn: cn=admin,dc=atih,dc=sante,dc=fr
      bind-credential: ldap_admin_password
      base-dn: ou=agents,dc=atih,dc=sante,dc=fr
      search-filter: uid={user}
      password-encoder:
        type: NONE
      ldap-url: ldap://openldap:ldap_port
      use-start-tls: false
      type: AUTHENTICATED
    oauth:
      access-token:
        crypto:
          signing:
            key: 8PdeTwu4j0thSopZgFvg-oa5GR8GBTzzcmiIMo7Vh0EmoVdWK5yRw4U7bWyOFdI53CU0exVZQCtQlLwMWaJ_og
          encryption:
            key: JzJ51l362rOPDZLwhtRY3p0SJUUx5sf8ZEDAKDIkdeY
      crypto:
        signing:
          key: meT8P7qpaN6bH3Bq-MsbMYQEL0iwZirR-XE-WAJFJHWfFsEOWq57sOfeG5DJXkBIdjd5RfRT3jX6QCOAkrh99g
        encryption:
          key: R3i5XWWsA9WWFhLkkQFGaOprYeYt8FGTbiTmgQkkmxEv6wbN-9YUjiPkM0Gezw_T377ORjM31JG0QNkLwXA8PQ
      session-replication:
        cookie:
          crypto:
            signing:
              key: 8C59Wtz_K_NKozYZ7G5fBZ83II0MBBI702ZmEqdOzXIPAI5B1MDUSVmm8w4YYzaBRjsGwG9fZBPWf-JS4yW_QQ
            encryption:
              key: 50kNxo6EKFQk9KOUAm0UXWhS-52Xtw_yWatSRkBT3GVzvS5cCPr3VH9_TmyJu91isRTjc2fjEiAD0idV00CBLQ
    oidc:
      core:
        issuer: http://cas:cas_port/cas/oidc
      discovery:
        grant-types-supported:
          - authorization_code
          - "urn:ietf:params:oauth:grant-type:uma-ticket"
          - "urn:ietf:params:oauth:grant-type:token-exchange"
          - "urn:ietf:params:oauth:grant-type:device-code"
          - refresh_token
        token-endpoint-auth-methods-supported: client_secret_basic
        introspection-supported-authentication-methods: client_secret_basic
        response-types-supported:
          - code
          - token
          - id_token
          - id_token token
          - device_code
        prompt-values-supported:
          - none
          - login
          - consent
  logout:
    followServiceRedirects: true
    redirectParameter: service
    confirmLogout: true
  slo:
    disabled: false
  monitor:
    endpoints:
      endpoint:
        defaults:
          access: ANONYMOUS
  ticket:
    st:
      time-to-kill-in-seconds: PT3600S
server:
  port: cas_port
  ssl:
    enabled: false
    keyStore: file:/etc/cas/thekeystore
    keyStorePassword: changeit
    keyPassword: changeit
  servlet:
    context-path: /cas
#
logging:
  level:
    org.apereo.cas: DEBUG
    org.springframework: INFO
management:
  endpoints:
    web:
      exposure:
        include: "*"
    enabled-by-default: true
  security:
    enabled: false
I am trying to contact it using OIDC. As such, I’ve defined statically an
OidcRegisteredService as follows:
{
  "@class": "org.apereo.cas.services.OidcRegisteredService",
  "serviceId": "^https?://oidc-client-demo.*",
  "name": "OIDC Client Example",
  "id": 10,
  "evaluationOrder": 10,
  "clientId": "demo-client",
  "clientSecret": "demo-client-secret",
  "signIdToken": false,
  "encryptIdToken": false,
  "bypassApprovalPrompt": false,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ],
  "supportedPromptValues": [ "java.util.HashSet", [ "consent" ] ],
  "scopes": [ "java.util.HashSet", [ "openid", "profile", "email", "address", "phone" ] ],
  "attributeReleasePolicy": {
    "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}
However, my OIDC client fails to work with it.
When it sends an authentication request, I am prompted to enter credentials
in a browser. Then, the following POST request is sent to my CAS server,
POST /cas/login?service=http%3A%2F%2Fcas%3A8080%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3Ddemo-client%26scope%3Dopenid%2520profile%2520email%26redirect_uri%3Dhttp%253A%252F%252Foidc-client-demo%252Fanything%252Fcallback%26re,
The authentication is successful, but then I do not see any approval popup
being displayed, nor can I see in network traces that when it reaches my
setup redirect_uri any parameters are provided.
[image: image.png]
Thus, the process fails at this point…
Would you know if I did something wrong while setting up my CAS server and
service?
Of course, in the CAS logs, I cannot see any error message during the
process of the request…
Thanks in advance
Best regards,
Pierre
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9a0c054-8436-4c56-8ed8-5bb2bf6dbe67n%40apereo.org.
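
An added diagnostic example, not part of the original message and not CAS code: it unwraps the doubly URL-encoded `service` parameter of the login POST quoted above and compares the inner authorization parameters with the posted OidcRegisteredService values. The function names are hypothetical, the truncated tail of the request is left out, and full-match semantics for `serviceId` are an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Visible part of the login POST from the message (truncated tail omitted).
LOGIN_REQUEST = (
    "/cas/login?service=http%3A%2F%2Fcas%3A8080%2Fcas%2Foauth2.0%2FcallbackAuthorize"
    "%3Fclient_id%3Ddemo-client%26scope%3Dopenid%2520profile%2520email"
    "%26redirect_uri%3Dhttp%253A%252F%252Foidc-client-demo%252Fanything%252Fcallback"
)

# Values copied from the OidcRegisteredService definition in the message.
SERVICE = {
    "serviceId": r"^https?://oidc-client-demo.*",
    "clientId": "demo-client",
    "scopes": {"openid", "profile", "email", "address", "phone"},
}

def unwrap_authorize_params(login_request):
    """Return the callbackAuthorize URL and its decoded query parameters."""
    outer = parse_qs(urlsplit(login_request).query)
    callback = outer["service"][0]              # first encoding layer removed
    inner = parse_qs(urlsplit(callback).query)  # second encoding layer removed
    return callback, {name: values[0] for name, values in inner.items()}

def check_against_service(params, service):
    """List the mismatches between the request and the registered service."""
    problems = []
    if params.get("client_id") != service["clientId"]:
        problems.append("client_id does not match clientId")
    # Assumption: the serviceId pattern has to match the whole redirect_uri.
    if not re.fullmatch(service["serviceId"], params.get("redirect_uri", "")):
        problems.append("redirect_uri does not match serviceId")
    extra = set(params.get("scope", "").split()) - service["scopes"]
    if extra:
        problems.append("unregistered scopes: " + " ".join(sorted(extra)))
    return problems

if __name__ == "__main__":
    callback_url, authorize_params = unwrap_authorize_params(LOGIN_REQUEST)
    print(callback_url)
    print(authorize_params)
    print(check_against_service(authorize_params, SERVICE) or "no mismatch found")
```

For the visible part of the request the list comes back empty, so the client_id, scopes and redirect_uri shown there agree with the service definition as posted.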