Re: [cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-06 Thread Anuja Paradkar
Thanks for the mail. Sure will check that. 

I would appreciate it if you can help me find what might be happening in 
step number 4 below. This is a forced scenario to reproduce the problem 
(please note that in prod this is random and the scenario might be different): 

1) Let your application take you to login page.
URL looks something like: https://my-cas-service/cas/login?service= 

...

2) Copy the entire URL with query parameters.

3) Log in to your application.

4) Open a new tab and paste the copied URL into the browser. This time 
you are redirected to the "/" domain.

This is a forced scenario, but I am trying to understand what might be 
happening in the 4th step. It does log the message that "ticket is validated" 
but does not get redirected correctly. No exception, no error. 

The default URL mapped in the code is "/",

From DefaultCallbackLogic.java

if (inputDefaultUrl == null) {
    defaultUrl = "/";
}


I will try to debug more but since it is critical, escalating to CAS for 
speedy help.


On Friday, 5 April 2019 15:13:05 UTC-6, rbon wrote:
>
> Anuja,
>
> What you are seeing are duplicate log entries (time stamps match).
> Check 'additivity' in log4j2.xml to make sure only one message is logged.
>
> Ray
>
> On Fri, 2019-04-05 at 13:41 -0700, Anuja Paradkar wrote:
>
> Log file shows it creates and validates the same ticket twice; no doubt during 
> the second validation it won't find an entry for that service. Funny thing, it does 
> not throw an exception but just uses the default redirect path, which is "/" in CAS 
> source code. 
>
>
> [[32m2019-04-02 19:58:09,776 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: x...@gmail.com 
> WHAT: ST-83-gVx1tobXZNRrHco67XXqw73OFnshrb-service-cas-86f7c5ff89-5vt28 
> for 
> https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi.
> ..
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Tue Apr 02 19:58:09 GMT 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
> >^[[m
> ^[[32m2019-04-02 19:58:09,776 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: x...@gmail.com 
> WHAT: ST-83-gVx1tobXZNRrHco67XXqw73OFnshrb-service-cas-86f7c5ff89-5vt28 
> for 
> https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi.
> ..
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Tue Apr 02 19:58:09 GMT 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
> >^[[m
> ^[[32m2019-04-02 19:58:10,086 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: [result=Service Access Granted,service=https://my-client-app.
> ..,principal=SimplePrincipal(id=x...@gmail.com , 
> attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue Apr 02 19:58:10 GMT 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
> >^[[m
> ^[[32m2019-04-02 19:58:10,086 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: audit:unknown
> WHAT: [result=Service Access Granted,service=https://my-client-app.
> ..,principal=SimplePrincipal(id=x...@gmail.com , 
> attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
> ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue Apr 02 19:58:10 GMT 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
> >^[[m
> ^[[32m2019-04-02 19:58:10,090 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -  trail record BEGIN
> =
> WHO: x...@gmail.com 
> WHAT: ST-83-gVx1tobXZNRrHco67XXqw73OFnshrb-service-cas-86f7c5ff89-5vt28
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Tue Apr 02 19:58:10 GMT 2019
> CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
> SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
> =
>
> >^[[m
> ^[[32m2019-04-02 

[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-06 Thread Anuja Paradkar


On Tuesday, 5 September 2017 21:13:56 UTC-6, Zhang Yu wrote:
>
> env:
> Java 8, CAS 5.1.3, Tomcat 8.5 (standalone), IntelliJ, macOS Sierra.
>
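> pom.xml:
>
> <properties>
>     <cas.version>5.1.3</cas.version>
> </properties>
>
> <dependencies>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-webapp</artifactId>
>         <version>${cas.version}</version>
>         <type>war</type>
>         <scope>runtime</scope>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-jdbc</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-json-service-registry</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-webapp-config-security</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-oauth-webflow</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>
>     <dependency>
>         <groupId>com.oracle</groupId>
>         <artifactId>ojdbc8</artifactId>
>         <version>12.2.0.1</version>
>     </dependency>
> </dependencies>
>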
>
> CAS runs fine at http://127.0.0.1:8080.
>
> Registered a JSON service with CAS to act as a demo OAuth client:
>
> {
>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "serviceId": "http://(127.0.0.1|localhost):8081/login/oauth2/cas",
>   "clientId": "clientid",
>   "clientSecret": "clientSecret",
>   "name": "OAuth20ClientDemo",
>   "id": 1002,
>   "description": "",
>   "evaluationOrder": 0,
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
>
> When CAS starts, it automatically generates another JSON service (which 
> seems a bit weird, however I cannot tell whether it is normal or not):
>
> {
>   @class: org.apereo.cas.services.RegexRegisteredService
>   serviceId: http://localhost:8080/oauth2.0/callbackAuthorize.*
>   name: RegexRegisteredService
>   id: 103356745490349536
>   description: OAuth Authentication Callback Request URL
>   proxyPolicy:
>   {
>     @class: org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy
>   }
>   evaluationOrder: 0
>   usernameAttributeProvider:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider
>     canonicalizationMode: NONE
>     encryptUsername: false
>   }
>   attributeReleasePolicy:
>   {
>     @class: org.apereo.cas.services.DenyAllAttributeReleasePolicy
>     principalAttributesRepository:
>     {
>       @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
>       expiration: 2
>       timeUnit: HOURS
>     }
>     authorizedToReleaseCredentialPassword: false
>     authorizedToReleaseProxyGrantingTicket: false
>     excludeDefaultAttributes: true
>   }
>   multifactorPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     failureMode: CLOSED
>     bypassEnabled: false
>   }
>   accessStrategy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>     enabled: true
>     ssoEnabled: true
>     requireAllAttributes: true
>     caseInsensitive: false
>   }
> }
>
> The demo client runs as another standalone Tomcat app at 
> http://127.0.0.1:8081.
>
> Now comes the testing process.
>
> The first steps of the process look good:
>
> http://localhost:8081/login/oauth2/cas
> 302 ->
>
> http://127.0.0.1:8080/oauth2.0/authorize?client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&response_type=code&state=2YqY0c
> 302 ->
>
> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>
> After inputting the correct username/password in the form and pressing LOGIN, a 
> POST is submitted to:
>
> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>
> The response is a 302 to the following url:
>
>
> http://localhost:8080/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&ticket=ST-6-T71F2TDPjCsPF9d3Shby-localhost
>
> *Here comes the problem: The response of the above url 
> (/callbackAuthorize) is a 302 redirection to '/' (root path of CAS), which 
> then redirects to the login page (/login). *
>
> I think the expected behavior of /callbackAuthorize should be a 
> redirection back to the client app at 
> http://localhost:8081/login/oauth2/cas with the OAuth token issued.
>
> Did I get anything wrong or miss any configurations?
>
> Thanks.
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 

Re: [cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-05 Thread Ray Bon
Anuja,

What you are seeing are duplicate log entries (time stamps match).
Check 'additivity' in log4j2.xml to make sure only one message is logged.

Ray

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/88643054fe6167e706a53af091dd1d51561fc0b2.camel%40uvic.ca.
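
The distinction Ray draws can be checked on the audit log itself before changing log4j2.xml. The following is an added example, not part of the thread or of CAS: it parses Inspektr audit records and separates events written more than once with the same millisecond timestamp (the pattern that points at logger additivity) from events that recur at different times. The sample log is constructed, and `parse_records` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter, defaultdict

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # colour codes emitted by console appenders
HEADER = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) INFO .*AuditTrailManager"
)
FIELD = re.compile(r"^(WHO|WHAT|ACTION):\s*(.*)$")
TICKET = re.compile(r"^(ST-\S+)")


def _record(stamp, who, what, action):
    """Build one constructed audit record in the layout quoted in the thread."""
    return (
        f"\x1b[32m{stamp} INFO [org.apereo.inspektr.audit.support."
        f"Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN\n"
        f"=====\nWHO: {who}\nWHAT: {what}\nACTION: {action}\n"
        f"APPLICATION: CAS\n=====\n>\x1b[m\n"
    )


# Constructed sample data (not taken from a real deployment).
SVC = "https://cas.example.org/cas/oauth2.0/callbackAuthorize"
USER = "user@example.org"
SAMPLE_LOG = "".join([
    # ST-1: each record is written twice with an identical timestamp.
    _record("2019-04-02 19:58:09,776", USER,
            f"ST-1-constructed for {SVC}", "SERVICE_TICKET_CREATED") * 2,
    _record("2019-04-02 19:58:10,090", USER,
            "ST-1-constructed", "SERVICE_TICKET_VALIDATED") * 2,
    # ST-2: validated at two different times, a real second validation.
    _record("2019-04-02 20:03:41,120", USER,
            "ST-2-constructed", "SERVICE_TICKET_VALIDATED"),
    _record("2019-04-02 20:03:44,502", USER,
            "ST-2-constructed", "SERVICE_TICKET_VALIDATED"),
])


def parse_records(text):
    """Return one dict per audit record: logged_at, who, what, action."""
    records, current = [], None
    for raw in text.splitlines():
        # Drop colour codes and any mail-quote prefix before matching.
        line = ANSI.sub("", raw).lstrip("> ").strip()
        header = HEADER.search(line)
        if header:
            current = {"logged_at": header.group(1)}
            records.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2).strip()
    return [r for r in records if "action" in r]


def triage(records):
    """Split repeated audit events into logging duplicates and real repeats.

    Returns (logging_duplicates, real_repeats), each a sorted list of
    (ticket_or_what, action) pairs. The same event at the same millisecond
    is treated as one event written by more than one appender; the same
    event at different timestamps is treated as having happened again.
    """
    stamps = defaultdict(Counter)
    for r in records:
        what = r.get("what", "")
        ticket = TICKET.match(what)
        subject = ticket.group(1) if ticket else what
        stamps[(subject, r["action"])][r["logged_at"]] += 1
    logging_duplicates = sorted(k for k, c in stamps.items() if max(c.values()) > 1)
    real_repeats = sorted(k for k, c in stamps.items() if len(c) > 1)
    return logging_duplicates, real_repeats


if __name__ == "__main__":
    dups, repeats = triage(parse_records(SAMPLE_LOG))
    print("written twice at the same instant (check additivity):", dups)
    print("repeated at different times (real repeat):", repeats)
```

If every record type lands in the first list and nothing in the second, the ticket was created and validated once and the doubling is a logging artifact.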


[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-05 Thread Anuja Paradkar
Log file shows it creates and validates the same ticket twice; no doubt during 
the second validation it won't find an entry for that service. Funny thing, it does 
not throw an exception but just uses the default redirect path, which is "/" in CAS 
source code.


[[32m2019-04-02 19:58:09,776 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:09 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:09,776 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://service-cas/cas/oauth2.0/callbackAuthorize?client_id=APPID1_uri=https%3A%2F%2Fservi...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:09 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,086 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my-client-app...,principal=SimplePrincipal(id=x...@gmail.com,
 
attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:10 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,086 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://my-client-app...,principal=SimplePrincipal(id=x...@gmail.com,
 
attributes={userAccountId=4670, last_name=Mitchell, source=VA, userRole=
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Apr 02 19:58:10 GMT 2019
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=

>^[[m
^[[32m2019-04-02 19:58:10,090 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - ^[[m
^[[32m2019-04-02 19:58:10,090 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - 
> Facing the same issue with 5.3.1, but on random occasions. Wondering whether you were 
> able to resolve this.
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/08f4d054-95a2-4d38-9c90-71f5e73e287a%40apereo.org.


[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-04-03 Thread Anuja Paradkar
Facing the same issue with 5.3.1, but on random occasions. Wondering whether you were 
able to resolve this.

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/8a4762d6-5af5-4cc3-9cba-cbedd91d62c9%40apereo.org.


[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-02-28 Thread Andy Ng
CAS server is designed to only work with https; please change to use https even 
if you are testing only. -Andy

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/106b4ca6-54a6-44b1-8d4d-92f925462524%40apereo.org.


[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-02-28 Thread Diego Henrique Pagani
Hi guys,

I'm facing the same issue with 6.0.0 and 6.0.1. I'm not using https and 
am using a custom context-path (setting the server.servlet.context-path param).

Has anyone found the solution?


[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2019-02-28 Thread Diego Henrique Pagani
Hi guys,

I'm facing the same issue with 6.0.0 and 6.0.1. I'm not using https. Does


Re: [cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2017-12-04 Thread Sandor Juhasz
We are on https. For a while it works and at some point - somehow related 
to existing/expired session it goes to location /.

On Monday, December 4, 2017 at 12:51:03 PM UTC+1, Fei Wang wrote:
>
> When I use HTTPS, the issue is gone.  What's the trick here?
>
> On Mon, Dec 4, 2017 at 7:27 PM, Sandor Juhasz wrote:
>
>> Happening to us with 5.1.6, using openid connect webflow. Same symptoms, 
>> only thing making it 
>> interesting is that it does not happen every time.
>>
>> See threads:
>> https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/TDh7Zz7g5TY
>>  
>>
>> --
>> *Sándor Juhász*
>> System Administrator
>> *ChemAxon* *Ltd*.
>> Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
>> Cell: +36704258964
>>
>> On Mon, Dec 4, 2017 at 11:45 AM, Fei Wang wrote:
>>
>>> I met exactly the same problem. Have you resolved it? 

Re: [cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2017-12-04 Thread Tommy
When I use HTTPS, the issue is gone.  What's the trick here?

On Mon, Dec 4, 2017 at 7:27 PM, Sandor Juhasz wrote:

> Happening to us with 5.1.6, using openid connect webflow. Same symptoms,
> only thing making it
> interesting is that it does not happen every time.
>
> See threads:
> https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/TDh7Zz7g5TY
>
>
> --
> *Sándor Juhász*
> System Administrator
> *ChemAxon* *Ltd*.
> Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
> Cell: +36704258964
>
> On Mon, Dec 4, 2017 at 11:45 AM, Fei Wang wrote:
>
>> I met exactly the same problem. Have you resolved it?
>>
>>
>> On Wednesday, September 6, 2017 at 11:13:56 AM UTC+8, Zhang Yu wrote:
>>>
>>> env:
>>> Java 8, CAS 5.1.3, Tomcat 8.5 (standalone), IntelliJ, macOS Sierra.
>>>
>>> pom.xml:
>>>
>>> 
>>> 5.1.3
>>> 
>>>
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-webapp
>>> ${cas.version}
>>> war
>>> runtime
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-support-jdbc
>>> ${cas.version}
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-support-json-service-registry>> ctId>
>>> ${cas.version}
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-webapp-config-security
>>> ${cas.version}
>>> 
>>> 
>>> org.apereo.cas
>>> cas-server-support-oauth-webflow
>>> ${cas.version}
>>> 
>>>
>>> 
>>> com.oracle
>>> ojdbc8
>>> 12.2.0.1
>>> 
>>> 
>>>
>>>
>>> CAS runs fine at http://127.0.0.1:8080.
>>>
>>> Registered a JSON service with CAS to act as a demo OAuth client:
>>>
>>> {
>>>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>   "serviceId": "http://(127.0.0.1|localhost):8081/login/oauth2/cas",
>>>   "clientId": "clientid",
>>>   "clientSecret": "clientSecret",
>>>   "name": "OAuth20ClientDemo",
>>>   "id": 1002,
>>>   "description": "",
>>>   "evaluationOrder": 0,
>>>   "attributeReleasePolicy": {
>>>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>>   }
>>> }
>>>
>>> When CAS starts, it automatically generates another JSON service (which
>>> seems a bit weird, however I cannot tell whether it is normal or not):
>>>
>>> {
>>>   @class: org.apereo.cas.services.RegexRegisteredService
>>>   serviceId: http://localhost:8080/oauth2.0/callbackAuthorize.*
>>>   name: RegexRegisteredService
>>>   id: 103356745490349536
>>>   description: OAuth Authentication Callback Request URL
>>>   proxyPolicy:
>>>   {
>>>     @class: org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy
>>>   }
>>>   evaluationOrder: 0
>>>   usernameAttributeProvider:
>>>   {
>>>     @class: org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider
>>>     canonicalizationMode: NONE
>>>     encryptUsername: false
>>>   }
>>>   attributeReleasePolicy:
>>>   {
>>>     @class: org.apereo.cas.services.DenyAllAttributeReleasePolicy
>>>     principalAttributesRepository:
>>>     {
>>>       @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
>>>       expiration: 2
>>>       timeUnit: HOURS
>>>     }
>>>     authorizedToReleaseCredentialPassword: false
>>>     authorizedToReleaseProxyGrantingTicket: false
>>>     excludeDefaultAttributes: true
>>>   }
>>>   multifactorPolicy:
>>>   {
>>>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>>>     failureMode: CLOSED
>>>     bypassEnabled: false
>>>   }
>>>   accessStrategy:
>>>   {
>>>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>>>     enabled: true
>>>     ssoEnabled: true
>>>     requireAllAttributes: true
>>>     caseInsensitive: false
>>>   }
>>> }
>>>
>>> The demo client runs as another standalone Tomcat app at
>>> http://127.0.0.1:8081.
>>>
>>> Now comes the testing process.
>>>
>>> The first steps of the process look good:
>>>
>>> http://localhost:8081/login/oauth2/cas
>>> 302 ->
>>> http://127.0.0.1:8080/oauth2.0/authorize?client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&response_type=code&state=2YqY0c
>>> 302 ->
>>> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>>>
>>> After inputting the correct username/password in the form and pressing LOGIN, a
>>> POST is submitted to:
>>> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>>>
>>> The response is a 302 to the following url:
>>>
>>> http://localhost:8080/oauth2.0/callbackAuthorize?client_name
>>> 

Re: [cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2017-12-04 Thread Sandor Juhasz
Happening to us with 5.1.6, using openid connect webflow. Same symptoms,
only thing making it
interesting is that it does not happen every time.

See threads:
https://groups.google.com/a/apereo.org/forum/#!topic/cas-user/TDh7Zz7g5TY


--
*Sándor Juhász*
System Administrator
*ChemAxon* *Ltd*.
Building Hx, GraphiSoft Park, Záhony utca 7, Budapest, Hungary, H-1031
Cell: +36704258964

On Mon, Dec 4, 2017 at 11:45 AM, Fei Wang  wrote:

> I met exactly the same problem. Have you resolved it?
>
>
> On Wednesday, September 6, 2017 at 11:13:56 AM UTC+8, Zhang Yu wrote:
>>
>> env:
>> Java 8, CAS 5.1.3, Tomcat 8.5 (standalone), IntelliJ, macOS Sierra.
>>
>> pom.xml:
>>
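>> <properties>
>>     <cas.version>5.1.3</cas.version>
>> </properties>
>>
>> <dependencies>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-webapp</artifactId>
>>         <version>${cas.version}</version>
>>         <type>war</type>
>>         <scope>runtime</scope>
>>     </dependency>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-support-jdbc</artifactId>
>>         <version>${cas.version}</version>
>>     </dependency>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-support-json-service-registry</artifactId>
>>         <version>${cas.version}</version>
>>     </dependency>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-webapp-config-security</artifactId>
>>         <version>${cas.version}</version>
>>     </dependency>
>>     <dependency>
>>         <groupId>org.apereo.cas</groupId>
>>         <artifactId>cas-server-support-oauth-webflow</artifactId>
>>         <version>${cas.version}</version>
>>     </dependency>
>>
>>     <dependency>
>>         <groupId>com.oracle</groupId>
>>         <artifactId>ojdbc8</artifactId>
>>         <version>12.2.0.1</version>
>>     </dependency>
>> </dependencies>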
>>
>>
>> CAS runs fine at http://127.0.0.1:8080.
>>
>> Registered a JSON service with CAS to act as a demo OAuth client:
>>
>> {
>>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>   "serviceId": "http://(127.0.0.1|localhost):8081/login/oauth2/cas",
>>   "clientId": "clientid",
>>   "clientSecret": "clientSecret",
>>   "name": "OAuth20ClientDemo",
>>   "id": 1002,
>>   "description": "",
>>   "evaluationOrder": 0,
>>   "attributeReleasePolicy": {
>>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>   }
>> }
>>
>> When CAS starts, it automatically generates another JSON service (which
>> seems a bit weird, however I cannot tell whether it is normal or not):
>>
>> {
>>   @class: org.apereo.cas.services.RegexRegisteredService
>>   serviceId: http://localhost:8080/oauth2.0/callbackAuthorize.*
>>   name: RegexRegisteredService
>>   id: 103356745490349536
>>   description: OAuth Authentication Callback Request URL
>>   proxyPolicy:
>>   {
>>     @class: org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy
>>   }
>>   evaluationOrder: 0
>>   usernameAttributeProvider:
>>   {
>>     @class: org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider
>>     canonicalizationMode: NONE
>>     encryptUsername: false
>>   }
>>   attributeReleasePolicy:
>>   {
>>     @class: org.apereo.cas.services.DenyAllAttributeReleasePolicy
>>     principalAttributesRepository:
>>     {
>>       @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
>>       expiration: 2
>>       timeUnit: HOURS
>>     }
>>     authorizedToReleaseCredentialPassword: false
>>     authorizedToReleaseProxyGrantingTicket: false
>>     excludeDefaultAttributes: true
>>   }
>>   multifactorPolicy:
>>   {
>>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>>     failureMode: CLOSED
>>     bypassEnabled: false
>>   }
>>   accessStrategy:
>>   {
>>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>>     enabled: true
>>     ssoEnabled: true
>>     requireAllAttributes: true
>>     caseInsensitive: false
>>   }
>> }
>>
>> The demo client runs as another standalone Tomcat app at
>> http://127.0.0.1:8081.
>>
>> Now comes the testing process.
>>
>> The first steps of the process look good:
>>
>> http://localhost:8081/login/oauth2/cas
>> 302 ->
>> http://127.0.0.1:8080/oauth2.0/authorize?client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&response_type=code&state=2YqY0c
>> 302 ->
>> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>>
>> After inputting the correct username/password in the form and pressing LOGIN, a
>> POST is submitted to:
>> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>>
>> The response is a 302 to the following url:
>>
>> http://localhost:8080/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&ticket=ST-6-T71F2TDPjCsPF9d3Shby-localhost
>>
>> *Here comes the problem: The response of the above url
>> (/callbackAuthorize) is a 302 redirection to '/' (root path of CAS), which
>> then redirects to the login page (/login). *
>>
>> I think the expected behavior of /callbackAuthorize should be 

[cas-user] Re: Unsuccessful in configuring CAS 5.1.3 as a OAuth server ("/callbackAuthorize" redirects to "/" instead of client app)

2017-12-04 Thread Fei Wang
I met exactly the same problem. Have you resolved it?

On Wednesday, September 6, 2017 at 11:13:56 AM UTC+8, Zhang Yu wrote:
>
> env:
> Java 8, CAS 5.1.3, Tomcat 8.5 (standalone), IntelliJ, macOS Sierra.
>
> pom.xml:
>
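> <properties>
>     <cas.version>5.1.3</cas.version>
> </properties>
>
> <dependencies>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-webapp</artifactId>
>         <version>${cas.version}</version>
>         <type>war</type>
>         <scope>runtime</scope>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-jdbc</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-json-service-registry</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-webapp-config-security</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>     <dependency>
>         <groupId>org.apereo.cas</groupId>
>         <artifactId>cas-server-support-oauth-webflow</artifactId>
>         <version>${cas.version}</version>
>     </dependency>
>
>     <dependency>
>         <groupId>com.oracle</groupId>
>         <artifactId>ojdbc8</artifactId>
>         <version>12.2.0.1</version>
>     </dependency>
> </dependencies>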
>
>
> CAS runs fine at http://127.0.0.1:8080.
>
> Registered a JSON service with CAS to act as a demo OAuth client:
>
> {
>   "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "serviceId": "http://(127.0.0.1|localhost):8081/login/oauth2/cas",
>   "clientId": "clientid",
>   "clientSecret": "clientSecret",
>   "name": "OAuth20ClientDemo",
>   "id": 1002,
>   "description": "",
>   "evaluationOrder": 0,
>   "attributeReleasePolicy": {
>     "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   }
> }
>
> When CAS starts, it automatically generates another JSON service (which 
> seems a bit weird, however I cannot tell whether it is normal or not):
>
> {
>   @class: org.apereo.cas.services.RegexRegisteredService
>   serviceId: http://localhost:8080/oauth2.0/callbackAuthorize.*
>   name: RegexRegisteredService
>   id: 103356745490349536
>   description: OAuth Authentication Callback Request URL
>   proxyPolicy:
>   {
>     @class: org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy
>   }
>   evaluationOrder: 0
>   usernameAttributeProvider:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider
>     canonicalizationMode: NONE
>     encryptUsername: false
>   }
>   attributeReleasePolicy:
>   {
>     @class: org.apereo.cas.services.DenyAllAttributeReleasePolicy
>     principalAttributesRepository:
>     {
>       @class: org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository
>       expiration: 2
>       timeUnit: HOURS
>     }
>     authorizedToReleaseCredentialPassword: false
>     authorizedToReleaseProxyGrantingTicket: false
>     excludeDefaultAttributes: true
>   }
>   multifactorPolicy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy
>     failureMode: CLOSED
>     bypassEnabled: false
>   }
>   accessStrategy:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>     enabled: true
>     ssoEnabled: true
>     requireAllAttributes: true
>     caseInsensitive: false
>   }
> }
>
> The demo client runs as another standalone Tomcat app at 
> http://127.0.0.1:8081.
>
> Now comes the testing process.
>
> The first steps of the process look good:
>
> http://localhost:8081/login/oauth2/cas
> 302 ->
>
> http://127.0.0.1:8080/oauth2.0/authorize?client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&response_type=code&state=2YqY0c
> 302 ->
>
> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>
> After inputting the correct username/password in the form and pressing LOGIN, a 
> POST is submitted to:
>
> http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8081%2Flogin%2Foauth2%2Fcas
>
> The response is a 302 to the following url:
>
>
> http://localhost:8080/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=clientid&redirect_uri=http://localhost:8081/login/oauth2/cas&ticket=ST-6-T71F2TDPjCsPF9d3Shby-localhost
>
> *Here comes the problem: The response of the above url 
> (/callbackAuthorize) is a 302 redirection to '/' (root path of CAS), which 
> then redirects to the login page (/login). *
>
> I think the expected behavior of /callbackAuthorize should be a 
> redirection back to the client app at 
> http://localhost:8081/login/oauth2/cas with the OAuth token issued.
>
> Did I get anything wrong or miss any configurations?
>
> Thanks.
>
>
>
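
A diagnostic for the redirect chain quoted above, as an added example that is not part of the thread or of CAS: it decodes the nested `service` URL, matches it and the `redirect_uri` against the two `serviceId` patterns from the post, and reports any port reached under more than one host name. The function names are hypothetical, the chain is constructed from the post with `&` separators written out, and full-string regex matching is an assumption about how the registry compares; the thread does not establish that the 127.0.0.1/localhost switch is the cause, only that it is worth ruling out because browsers do not return a session cookie across host names.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Redirect chain from the original post; parameter separators are written
# out as '&' here (the list archive mangled them), so treat it as constructed.
CHAIN = [
    "http://localhost:8081/login/oauth2/cas",
    "http://127.0.0.1:8080/oauth2.0/authorize?client_id=clientid"
    "&redirect_uri=http://localhost:8081/login/oauth2/cas&response_type=code",
    "http://localhost:8080/login?service=http%3A%2F%2Flocalhost%3A8080"
    "%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient"
    "%26client_id%3Dclientid%26redirect_uri%3Dhttp%3A%2F%2Flocalhost"
    "%3A8081%2Flogin%2Foauth2%2Fcas",
]
# serviceId patterns of the two registered services shown in the post.
CLIENT_SERVICE_ID = r"http://(127.0.0.1|localhost):8081/login/oauth2/cas"
CALLBACK_SERVICE_ID = r"http://localhost:8080/oauth2.0/callbackAuthorize.*"


def host_switches(chain):
    """Return (port, hosts) for each port reached under several host names.

    Browsers scope cookies by host name, so a session cookie set by
    127.0.0.1:8080 is not sent back to localhost:8080.
    """
    seen = {}
    for url in chain:
        parts = urlsplit(url)
        seen.setdefault(parts.port, []).append(parts.hostname)
    return [(port, sorted(set(hosts))) for port, hosts in sorted(seen.items())
            if len(set(hosts)) > 1]


def check_login_service(login_url):
    """Decode the nested service URL and match it against the registry."""
    service = parse_qs(urlsplit(login_url).query)["service"][0]
    redirect_uri = parse_qs(urlsplit(service).query)["redirect_uri"][0]
    return {
        "service": service,
        # Assumption: the registry requires the pattern to match the whole URL.
        "callback_registered": bool(re.fullmatch(CALLBACK_SERVICE_ID, service)),
        "redirect_uri": redirect_uri,
        "client_registered": bool(re.fullmatch(CLIENT_SERVICE_ID, redirect_uri)),
    }


if __name__ == "__main__":
    print(host_switches(CHAIN))
    print(check_login_service(CHAIN[2]))
```

On the posted chain both registrations match, and the only anomaly reported is port 8080 being visited as both 127.0.0.1 and localhost.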
