Folks, I am new to CAS and am trying to set up CAS as an OIDC provider for other services.
My limited understanding of CAS OIDC is as follows:

A. You make a call to the required "server/cas/oidc/authorize" with the required parameters.
B. CAS redirects the request to the "server/cas/oauth2.0/callbackAuthorize" endpoint.
C. You get the login page and, upon successful authentication, a service ticket for "/cas/oauth2.0/callbackAuthorize" is created for "CasOAuthClient".
D. Once the service ticket has been validated by "/cas/oauth2.0/callbackAuthorize", an access ticket of the format "OC-1-v0ukA6hDx1Wbv1jzyimIQFwL4EeMBPPX" is created for further processing.

My issue is as follows:

1. After the successful service ticket validation for the CasOAuthClient, rather than the creation of an access ticket, I am being redirected back to the login page.

The following are the lines where I suspect the issue:

2020-11-12 11:11:33,632 DEBUG [org.apereo.cas.support.oauth.web.OAuth20CasCallbackUrlResolver] - <Final resolved callback URL is [http://server:8443/cas/oauth2.0/callbackAuthorize?client_id=apache_client&redirect_uri=http%3A%2F%2Fapache.server.com%2Fsecure%2Fredirect_uri&response_type=code]>
2020-11-12 11:11:33,632 DEBUG [org.apereo.cas.support.oauth.web.response.OAuth20DefaultCasClientRedirectActionBuilder] - <Final redirect url is [http://server:8443/cas/login?service=http%3A%2F%2Fleo.mytbits.com%3A8443%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3Dapache_client%26redirect_uri%3Dhttp%253A%252F%252Fapache.server.com%252Fsecure%252Fredirect_uri%26response_type%3Dcode%26client_name%3DCasOAuthClient]>
2020-11-12 11:11:33,632 DEBUG [org.apereo.cas.oidc.web.OidcCasClientRedirectActionBuilder] - <Final redirect action is [Optional[#HttpAction# | code: 302 |]]>
2020-11-12 11:11:33,872 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

On my local machine, once we have done the service ticket validation, I am getting the lines:

=============================================================
WHO: root
WHAT: ST-1-XsNPfqOVinN5BrMSXNvENcWuD08-DESKTOP-GLUMAQ0 for http://localhost:8443/cas/oauth2.0/callbackAuthorize?client_id=client&redirect_uri=http%3A%2F%2Flocalhost%3A80%2Fsecure%2F...
ACTION: SERVICE_TICKET_VALIDATE_SUCCESS
APPLICATION: CAS
WHEN: Thu Nov 12 16:30:02 IST 2020
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================
>
2020-11-12 16:30:02,509 DEBUG [org.apereo.cas.util.HttpRequestUtils] - <Found provided request parameter [client_id]>
2020-11-12 16:30:02,509 DEBUG [org.apereo.cas.util.HttpRequestUtils] - <Found provided request parameter [redirect_uri]>
2020-11-12 16:30:02,509 DEBUG [org.apereo.cas.util.HttpRequestUtils] - <Found provided request parameter [response_type]>
2020-11-12 16:30:02,509 DEBUG [org.apereo.cas.support.oauth.util.OAuth20Utils] - <Response type: [code]>
2020-11-12 16:30:02,510 DEBUG [org.apereo.cas.support.oauth.validator.authorization.OAuth20AuthorizationCodeResponseTypeAuthorizationRequestValidator] - <Locating registered service for client id [client]>

And it proceeds with access token creation.

I am running the same cas .war file on the server and on my local machine and making the same GET call to both. I am really perplexed why in one case (on the server, where I am not running as localhost) I am stuck in an endless loop of authentication.

Any ideas are welcome, especially from people who have successfully implemented OIDC in CAS.

Thank you in advance.
Ritesh
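For reading nested redirect lines such as the "Final redirect url" entry quoted in the message above, this added example (not part of the original post and not CAS code) unwraps each URL layer and lists the origin at every hop, so the hops can be compared with the host the browser actually used. The sample string is copied from that log line; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Sample input: the "Final redirect url" value from the DEBUG line in the post.
LOGIN_REDIRECT = (
    "http://server:8443/cas/login?service=http%3A%2F%2Fleo.mytbits.com%3A8443"
    "%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3Dapache_client"
    "%26redirect_uri%3Dhttp%253A%252F%252Fapache.server.com%252Fsecure"
    "%252Fredirect_uri%26response_type%3Dcode%26client_name%3DCasOAuthClient"
)

# Query parameters that carry the next URL at each layer of the flow.
NESTED_PARAMS = ("service", "redirect_uri")


def unwrap(url):
    """Return [(label, origin, path)] for the URL and every URL nested in it."""
    layers, label = [], "login"
    while url:
        parts = urlsplit(url)
        layers.append((label, f"{parts.scheme}://{parts.netloc}", parts.path))
        query = parse_qs(parts.query)  # percent-decodes exactly one level
        url = None
        for name in NESTED_PARAMS:
            if name in query:
                label, url = name, query[name][0]
                break
    return layers


def cas_origin_mismatches(layers, cas_prefix="/cas/"):
    """CAS-path layers whose origin differs from the first CAS origin seen."""
    cas_layers = [(label, origin) for label, origin, path in layers
                  if path.startswith(cas_prefix)]
    if not cas_layers:
        return []
    first_origin = cas_layers[0][1]
    return [(label, origin) for label, origin in cas_layers[1:]
            if origin != first_origin]


if __name__ == "__main__":
    hops = unwrap(LOGIN_REDIRECT)
    for label, origin, path in hops:
        print(f"{label:13} {origin}{path}")
    print("CAS origins that differ:", cas_origin_mismatches(hops))
```

The output only reflects what the log line contains; hostnames edited before posting will show up as differences too.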
