Cemal,

Did you try with,

    username=battags&password=password&service=https://something.com/test

You have only one service defined, it must have 'test' in the url. Any other service, including the CAS default page, is not allowed.

If you do not provide a service, CAS will redirect to its default page. You can also add a config item, cas.view.defaultRedirectUrl. I am not sure where in the docs this is.

Ray

On Mon, 2019-12-16 at 22:19 -0800, Cemal Önder wrote:

I want to use REST Protocol in my services. For this, I enabled Rest Protocol and am trying to get a TGT. Also, all examples were based on generic service registration, which I don't want in a prod environment.

Here <https://apereo.github.io/cas/6.1.x/services/JSON-Service-Management.html#json-syntax> is the generic service registry example that should not be used in a prod environment. And I did not use this in my environment:

    {
      /* Generic service definition that applies to https/imaps urls that wish to register with CAS for authentication. */
      "@class" : "org.apereo.cas.services.RegexRegisteredService",
      "serviceId" : "^(https|imaps)://.*",
      "name" : "HTTPS and IMAPS",
      "id" : 10000001,
    }

Instead, I have the following one:

    {
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      // this service will match all the requests contains test in the request url
      "serviceId": "^https?:\\/\\/.*test($|\\/).*$",
      "name": "Test",
      "id": 1,
      "description": "Test service",
      "evaluationOrder": 2,
      "requiredHandlers": [ "java.util.HashSet", [ "TestHandler" ] ],
      "attributeReleasePolicy": {
        "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
      },
      "properties": {
        "@class": "java.util.HashMap",
        "jwtAsServiceTicket": {
          "@class": "org.apereo.cas.services.DefaultRegisteredServiceProperty",
          "values": [ "java.util.HashSet", [ "true" ] ]
        }
      }
    }

I cannot request a ticket granting ticket as explained here <https://apereo.github.io/cas/6.1.x/protocol/REST-Protocol.html#request-a-ticket-granting-ticket>:

    POST /cas/v1/tickets HTTP/1.0
    'Content-type': 'Application/x-www-form-urlencoded'

    username=battags&password=password&additionalParam1=paramvalue

I got the following exception:

    Unauthorized Service Access. Service [] is not found in service registry

When I debug the code, I can see that the TGT is created and my registered service works fine. An exception is thrown because of the registered service check against CAS Server in JWTBuilder <https://github.com/apereo/cas/blob/master/support/cas-server-support-token-core-api/src/main/java/org/apereo/cas/token/JwtBuilder.java#L134>:

    val registeredService = payload.getRegisteredService() == null
        ? locateRegisteredService(serviceAudience)
        : payload.getRegisteredService();
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(registeredService);

Here CAS tries to check if service access is allowed. payload.getRegisteredService returns null and locateRegisteredService is called with serviceAudience, then ensureServiceAccessIsAllowed throws the exception.

Problem is: serviceAudience is always filled <https://github.com/apereo/cas/blob/master/support/cas-server-support-token-core-api/src/main/java/org/apereo/cas/token/JwtTokenTicketBuilder.java#L78> with the CAS server prefix, which means there must be a service definition that matches the CAS server prefix.

All examples work when I enable the generic service definition, but when I remove it, the TGT does not return because of the above check.

Any idea, solution? I don't want to allow everyone to be able to create a TGT. I can add a service definition that only matches the CAS prefix also, but first it is better to understand if I miss something or if this is a bug.

--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
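Added example (not part of the thread and not CAS code): a Python check that loads the two service definitions quoted above, trimmed to the fields it uses, and reports which one, if any, would claim a given service URL. It assumes that a full-string, case-insensitive Python regex match approximates how CAS evaluates serviceId and that a missing evaluationOrder counts as 0; cas.example.org is a hypothetical CAS server prefix and the probe URLs are constructed.

```python
import json
import re

# Constructed input: the two definitions quoted in the thread, trimmed to the
# fields used here. CAS service files tolerate comments and trailing commas.
GENERIC = r'''{
  /* Generic service definition for https/imaps urls */
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(https|imaps)://.*",
  "name" : "HTTPS and IMAPS",
  "id" : 10000001,
}'''
TEST = r'''{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  // this service will match all the requests contains test in the request url
  "serviceId": "^https?:\\/\\/.*test($|\\/).*$",
  "name": "Test",
  "id": 1,
  "evaluationOrder": 2
}'''
# Constructed probes; cas.example.org is a hypothetical CAS server prefix.
PROBES = {
    "suggested service": "https://something.com/test",
    "no service parameter": "",
    "CAS server prefix": "https://cas.example.org/cas",
    "unrelated host": "https://other.example.net/test/app",
}
# A string literal (kept) or a comment / trailing comma (dropped).
_LENIENT = re.compile(r'("(?:\\.|[^"\\])*")|/\*.*?\*/|//[^\n]*|,(?=\s*[}\]])', re.S)

def load_service(text):
    """Parse a lenient definition without touching '//' inside string values."""
    return json.loads(_LENIENT.sub(lambda m: m.group(1) or "", text))

def first_match(url, services):
    """Name of the first service, by evaluationOrder, whose serviceId matches."""
    for svc in sorted(services, key=lambda s: s.get("evaluationOrder", 0)):
        # Assumption: full-string, case-insensitive match approximates CAS.
        if re.fullmatch(svc["serviceId"], url, re.IGNORECASE):
            return svc["name"]
    return None  # no definition matches: the service is not in the registry

def audit(definitions, probes=PROBES):
    """Map each probe label to the service that would claim that URL."""
    services = [load_service(d) for d in definitions]
    return {label: first_match(url, services) for label, url in probes.items()}

if __name__ == "__main__":
    for defs in ([TEST], [GENERIC, TEST]):
        print(audit(defs))
```

With only the Test definition loaded, the empty service and the CAS server prefix match nothing, while any URL on any host that has "test" as a path segment is accepted. Adding the generic definition makes every https URL match, which is why the examples only work with it enabled.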
