Hi, building a CAS overlay using CAS Initializr:

    {"version":"6.4.0","bootVersion":"2.5.4","sync":true,"branch":"6.4","type":"cas"}

Added OIDC support and tested it with the sample client application found in the documentation:
https://apereo.github.io/cas/6.4.x/authentication/OIDC-Authentication.html#sample-client-applications

CAS is deployed inside an external Apache Tomcat container.

Configuration in the cas.properties file:

    cas.server.name=https://<domain>
    cas.server.prefix=${cas.server.name}/cas
    cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/

https://<domain>/cas/oidc/.well-known redirects to a 404 error page.

Client app redirects to the CAS login page successfully. After submitting login and password, CAS redirects to "Application Not Authorized to Use CAS".

In the log file, I found this message:

    [org.apereo.cas.oidc.util.OidcRequestSupport] - <Issuer [https://<domain>/cas/oidc] defined in CAS configuration does not match the request issuer [http://<domain>/cas/oidc/authorize]>

Note that the request issuer is in http (not https) and ends with the /authorize endpoint.

Fix the cas.properties as follows:

    cas.authn.oidc.core.issuer=http://<domain>/cas/oidc/authorize

Restart CAS.

Client app redirects to the CAS login page with this error:

    java.lang.IllegalArgumentException: Unable to locate authentication profile
        at org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController.lambda$redirectToCallbackRedirectUrl$0(OAuth20AuthorizeEndpointController.java:164)
        at java.base/java.util.Optional.orElseThrow(Optional.java:408)
        at org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController.redirectToCallbackRedirectUrl(OAuth20AuthorizeEndpointController.java:164)
        at org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController.handleRequest(OAuth20AuthorizeEndpointController.java:87)
        at org.apereo.cas.oidc.web.controllers.authorize.OidcAuthorizeEndpointController.handleRequest(OidcAuthorizeEndpointController.java:49)

Downgrade CAS to CAS 6.4.0-RC6

Configuration in the cas.properties file:

    cas.server.name=https://<domain>
    cas.server.prefix=${cas.server.name}/cas
    cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/

https://<domain>/cas/oidc/.well-known redirects to a 404 error page.

The property cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/ leads to:

    [org.apereo.cas.oidc.util.OidcRequestSupport] - <Issuer [https://<domain>/cas/oidc] defined in CAS configuration does not match the request issuer [http://<domain>/cas/oidc/authorize]>

Fix the cas.properties as follows:

    cas.authn.oidc.core.issuer=http://<domain>/cas/oidc/authorize

Restart CAS.

Client app redirects to the CAS login page successfully. After submitting login and password, CAS redirects to the Claims authorization page. Submit it.

Browser redirects to https://<client_app_domain>:9443/simple-web-app/openid_connect_login?code=OC-x-xxxx&state=zzz&nonce=yy and displays "HTTP ERROR 401 Authentication Failed: Unable to obtain Access Token: 404".

Downgrade CAS to CAS 6.4.0-RC5

Configuration in the cas.properties file:

    cas.server.name=https://<domain>
    cas.server.prefix=${cas.server.name}/cas
    cas.authn.oidc.core.issuer=${cas.server.prefix}/oidc/

https://<domain>/cas/oidc/.well-known redirects successfully.

Client app redirects to the CAS login page successfully. After submitting login and password, CAS redirects to the Claims authorization page. Submit it.

Client app displays ID Token and User Info.

Did I miss some configuration inside cas.properties starting from CAS 6.4.0 RC6? Or is there a bug here?
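The OidcRequestSupport message quoted in the post packs two separate differences into one line (the scheme and the endpoint suffix). The following is an added example, not part of the original post and not CAS code: a small Python helper that parses a log line of that shape and lists each difference on its own. The function name, the comparison rules (trailing slash ignored, host compared case-insensitively) and the host `sso.example.org` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Shape of the message as quoted in the post; anything else is ignored.
LOG_RE = re.compile(
    r"Issuer \[(?P<configured>[^\]]+)\] defined in CAS configuration "
    r"does not match the request issuer \[(?P<request>[^\]]+)\]"
)

# Constructed sample line: the post's message with a placeholder host.
SAMPLE_LINE = (
    "[org.apereo.cas.oidc.util.OidcRequestSupport] - <Issuer "
    "[https://sso.example.org/cas/oidc] defined in CAS configuration does not "
    "match the request issuer [http://sso.example.org/cas/oidc/authorize]>"
)

def explain_issuer_mismatch(log_line):
    """Return the list of differences, or None if the line is not this message."""
    m = LOG_RE.search(log_line)
    if m is None:
        return None
    conf = urlsplit(m.group("configured"))
    req = urlsplit(m.group("request"))
    findings = []
    if conf.scheme != req.scheme:
        findings.append(f"scheme: configured {conf.scheme}, request {req.scheme}")
    if conf.netloc.lower() != req.netloc.lower():
        findings.append(f"host: configured {conf.netloc}, request {req.netloc}")
    # Assumption of this example: a trailing slash is not a real difference.
    conf_path, req_path = conf.path.rstrip("/"), req.path.rstrip("/")
    if req_path != conf_path:
        if req_path.startswith(conf_path + "/"):
            suffix = req_path[len(conf_path):]
            findings.append(f"path: request has extra suffix {suffix}")
        else:
            findings.append(f"path: configured {conf_path}, request {req_path}")
    return findings

if __name__ == "__main__":
    for finding in explain_issuer_mismatch(SAMPLE_LINE):
        print(finding)
```
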