Hello,
My CAS application (5.3) does not redirect the user to the provided service
URL after logging into Instagram using Generic OAuth2.0. Instead the user
lands on the login page which says Log In Successful and the following
message:
*You, {user}, have successfully logged into the Central Authentication
Service. However, you are seeing this page because CAS does not know about
your target destination and how to get you there. Examine the
authentication request again and make sure a target service/application
that is authorized and registered with CAS is specified.*
The user should actually be taken to the service url along with the Service
Ticket ST parameter. But that is not happening. However, the remaining
pac4j inbuilt clients like Facebook, Google, LinkedIn etc are working
properly. This only happens when I use the OAuth2.0 client for Instagram
and manually define the properties in the cas.properties page.
*The following is my configuration:*
cas.authn.pac4j.oauth2[0].id={client_id}
cas.authn.pac4j.oauth2[0].secret={client_secret}
cas.authn.pac4j.oauth2[0].authUrl=https://api.instagram.com/oauth/authorize
cas.authn.pac4j.oauth2[0].tokenUrl=https://api.instagram.com/oauth/access_token
cas.authn.pac4j.oauth2[0].clientName=instagram
cas.authn.pac4j.oauth2[0].profileUrl=https://api.instagram.com/v1/users/self/
cas.authn.pac4j.oauth2[0].profilePath=data
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].autoRedirect=true
cas.authn.pac4j.oauth2[0].principalAttributeId=username
cas.authn.pac4j.oauth2[0].profileAttrs.id=id
cas.authn.pac4j.oauth2[0].profileAttrs.fullName=full_name
cas.authn.pac4j.oauth2[0].profileAttrs.pictureUrl=profile_picture
*Service file JSON:*
{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^https://.*.{domain}.com.*",
  "name" : "eyerne",
  "id" : 10002,
  "description" : "This service definition authorizes the eyerne URL.",
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  },
  "bypassApprovalPrompt":true,
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^https?://.*"
  },
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code", "client_credential"] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code", "token" ] ],
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}
One thing which I am suspecting is that when I look at the Network monitor
in Google Chrome I find the following:
1. Before logging in, the last URL from Instagram is as below:
https://www.instagram.com/oauth/authorize?client_name=instagram&service={service_url}&response_type=code&client_id={client_id}&redirect_uri=https%3A%2F%2Fwww.cas.{domain}.com%3A8443%2Fcas%2Flogin%3Fclient_name&state={state}
2. After that, the login page is loaded as follows:
https://www.cas.eyerne.com:8443/cas/login?code={code}&state={state}
If you carefully look at the Authorization URL in point 1 above, the
redirect_uri contains the param client_name as blank or empty. I guess due
to this the login page that loads next does not have the client_name added
to its URL.
I am not sure this is the root cause, but can anyone help me figure out how
to redirect the user to the service URL and not the login page?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf1b1a4a-2c3b-497d-8108-5400ed8f4489%40apereo.org.
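
One way to check the observation in points 1 and 2 above, as an added example that is not part of the original post: it decodes redirect_uri from the authorize request and reports whether client_name carries a value there and whether it reaches the callback. The URLs, host names and placeholder values are constructed, and query_params and inspect_flow are hypothetical helper names.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample URLs modelled on points 1 and 2 of the post; the hosts,
# client id, state and code are placeholders, not real values.
AUTHORIZE_URL = (
    "https://www.instagram.com/oauth/authorize?client_name=instagram"
    "&service=https%3A%2F%2Fapp.example.com%2F&response_type=code"
    "&client_id=CLIENT_ID_PLACEHOLDER"
    "&redirect_uri=https%3A%2F%2Fwww.cas.example.com%3A8443%2Fcas%2Flogin%3Fclient_name"
    "&state=STATE_PLACEHOLDER"
)
CALLBACK_URL = (
    "https://www.cas.example.com:8443/cas/login"
    "?code=CODE_PLACEHOLDER&state=STATE_PLACEHOLDER"
)


def query_params(url):
    """Return the query parameters of url, keeping parameters with empty values."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def inspect_flow(authorize_url, callback_url, param="client_name"):
    """Report how `param` travels through the authorize request and the callback."""
    outer = query_params(authorize_url)
    # parse_qs has already percent-decoded the nested redirect_uri value.
    redirect_uri = outer.get("redirect_uri", [""])[0]
    inner = query_params(redirect_uri)
    callback = query_params(callback_url)
    return {
        "redirect_uri": redirect_uri,
        "param_in_redirect_uri": param in inner,
        "value_in_redirect_uri": inner.get(param, [None])[0],
        "param_in_callback": param in callback,
        "callback_has_code": "code" in callback,
        "state_round_trips": outer.get("state") == callback.get("state"),
    }


if __name__ == "__main__":
    for key, value in inspect_flow(AUTHORIZE_URL, CALLBACK_URL).items():
        print(f"{key}: {value!r}")
```

An empty string for value_in_redirect_uri together with param_in_callback being False reproduces what the Network monitor showed; it confirms the observation, not the root cause.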