Hi all. We have a 6.3.7.3 installation and it works fine. I use an OIDC
service without problems, but when I use delegated authentication, multiple
internal calls don't work.
Example:
2022-02-06 17:29:09,191 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"alfonso.vera@xxxxxx","what":"TGT-4-*****H8qy45pStA-XXXX","action":"TICKET_GRANTING_TICKET_CREATED","application":"CAS","when":"Sun
Feb 06 17:29:09 CET
2022","clientIpAddress":"X.Y.Z.Z","serverIpAddress":"X.Y.Z.X"}>
2022-02-06 17:29:09,243 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"alfonso.vera@xxxxxx","what":"[result=Service Access
Granted,service=https://oidc.service,requiredAttributes={}]","action":"SERVICE_ACCESS_ENFORCEMENT_TRIGGERED","application":"CAS","when":"Sun
Feb 06 17:29:09 CET
2022","clientIpAddress":"X.Y.Z.Z","serverIpAddress":""X.Y.Z.X""}>
2022-02-06 17:29:09,258 INFO
[org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service
ticket [ST-4-CcdY-FDXqU7kFJcycxWQ5koTK08-XXXX] for service
[https://oidc.service] and principal [alfonso.vera@xxxxxxx]>
2022-02-06 17:29:09,258 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"alfonso.vera@xxxxxx","what":"ST-4-CcdY-FDXqU7kFJcycxWQ5koTK08-XXXX
for
https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice&redirect_uri=https%3A%2F%2Foicd.service%2F...","action":"SERVICE_TICKET_CREATED","application":"CAS","when":"Sun
Feb 06 17:29:09 CET
2022","clientIpAddress":"155.54.193.217","serverIpAddress":"X.Y.Z.X""}>
2022-02-06 17:29:09,338 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"audit:unknown","what":"[result=Service Access
Granted,service=https://oidc.service,principal=SimplePrincipal(id=alfonso.vera@xxxxxx,
attributes={bla,bla,bla}),requiredAttributes={}]","action":"SERVICE_ACCESS_ENFORCEMENT_TRIGGERED","application":"CAS","when":"Sun
Feb 06 17:29:09 CET
2022","clientIpAddress":"X.Y.Z.Z","serverIpAddress":"X.Y.Z.X""}>
2022-02-06 17:29:09,354 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"alfonso.vera@xxxxxx","what":"ST-4-CcdY-FDXqU7kFJcycxWQ5koTK08-XXXX
for
https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice&redirect_uri=https%3A%2F%2Foidc.service%2F...","action":"SERVICE_TICKET_VALIDATE_SUCCESS","application":"CAS","when":"Sun
Feb 06 17:29:09 CET
2022","clientIpAddress":"X.Y.Z.Z","serverIpAddress":"X.Y.Z.X"}>
blablabla OC-ticket etc...
But if we use the OIDC service with delegated authentication...
2022-02-06 18:43:18,434 INFO
[org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] -
<Credentials are successfully authenticated using the delegated client
[delegateclient]>
2022-02-06 18:43:18,670 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"iduser","what":"TGT-5-*****h0SWl2C7ZY-XXXXXXX","action":"TICKET_GRANTING_TICKET_CREATED","application":"CAS","when":"Sun
Feb 06 18:43:18 CET
2022","clientIpAddress":"X.Y.Z.Z","serverIpAddress":"X.Y.Z.X"}>
2022-02-06 18:43:18,719 INFO
[org.apereo.cas.DefaultCentralAuthenticationService] - <Granted service
ticket [ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX] for service
[https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice]
and principal [iduser]>
2022-02-06 18:43:18,719 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"iduser","what":"ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX for
https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice","action":"SERVICE_TICKET_CREATED","application":"CAS","when":"Sun
Feb 06 18:43:18 CET
2022","clientIpAddress":"155.54.193.217","serverIpAddress":"155.54.218.4"}>
022-02-06 18:43:18,777 DEBUG
[org.apereo.cas.ticket.registry.AbstractTicketRegistry] - <Decoded ticket
to [ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX]>
2022-02-06 18:43:18,778 DEBUG
[org.apereo.cas.DefaultCentralAuthenticationService] - <Resolved service
[AbstractWebApplicationService(id=https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice&client_name=CasOAuthClient,
originalUrl=https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice&client_name=CasOAuthClient,
artifactId=ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX, principal=null,
source=null, loggedOutAlready=false, format=XML,
attributes={client_name=[CasOAuthClient], client_id=[webservice]})] from
the authentication request with service
[AbstractWebApplicationService(id=https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice,
originalUrl=https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice,
artifactId=null, principal=iduser, source=service, loggedOutAlready=false,
format=XML, attributes={response_type=[code],
redirect_uri=[https://oidc.service], locale=[es], client_name=[Cl@veD,
CasOAuthClient], client_id=[webservice]})] linked to service ticket
[ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX]>
*2022-02-06 18:43:18,778 ERROR
[org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket
[ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX] with service
[https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice]
does not match supplied service
[https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice&client_name=CasOAuthClient]>*
2022-02-06 18:43:18,783 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
<{"who":"audit:unknown","what":"ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-elephas60
for
https://entrada.test.um.es/cas/oauth2.0/callbackAuthorize?client_id=webservice&client_name=CasOAuthClient","action":"SERVICE_TICKET_VALIDATE_FAILED","application":"CAS","when":"Sun
Feb 06 18:43:18 CET
2022","clientIpAddress":""X.Y.Z.Z"","serverIpAddress":"X.Y.Z.X"}>
The error seems clear, but these are internal calls and I don't know how to fix it.
I've tried importing this commit and it doesn't work:
https://github.com/apereo/cas/pull/5166
I have tested version 6.4.x and it works fine.
Any ideas for 6.3.x?
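Added example (not part of the original post, and not CAS project code): a small Python triage script that finds the "does not match supplied service" error in a CAS log and reports which query parameters differ between the service the ticket was granted for and the service presented at validation. The function names are hypothetical; the sample text is the ERROR entry from the log above, wrapped as posted.

```python
import re
from urllib.parse import urlsplit, parse_qs

# ERROR entry copied from the log in the post (line-wrapped as it appears there).
SAMPLE_LOG = """2022-02-06 18:43:18,778 ERROR
[org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket
[ST-5-eAKwsc-4Yc-94WBpZH6tJsoKOJk-XXXXXXX] with service
[https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice]
does not match supplied service
[https://casserver.com/cas/oauth2.0/callbackAuthorize?client_id=webservice&client_name=CasOAuthClient]>
"""

# \s+ between words so the pattern survives mail/terminal line wrapping.
MISMATCH = re.compile(
    r"Service\s+ticket\s+\[(?P<ticket>[^\]]+)\]\s+with\s+service\s+"
    r"\[(?P<issued>[^\]]+)\]\s+does\s+not\s+match\s+supplied\s+service\s+"
    r"\[(?P<supplied>[^\]]+)\]"
)

def diff_service_urls(issued, supplied):
    """Compare the URL bound to the ticket with the URL sent at validation."""
    # Remove whitespace that wrapping may have inserted inside a URL.
    a = urlsplit(re.sub(r"\s+", "", issued))
    b = urlsplit(re.sub(r"\s+", "", supplied))
    qa = parse_qs(a.query, keep_blank_values=True)
    qb = parse_qs(b.query, keep_blank_values=True)
    return {
        "same_endpoint": (a.scheme, a.netloc, a.path) == (b.scheme, b.netloc, b.path),
        "only_on_ticket": {k: v for k, v in qa.items() if k not in qb},
        "only_on_validation": {k: v for k, v in qb.items() if k not in qa},
        "changed": {k: (qa[k], qb[k]) for k in qa.keys() & qb.keys() if qa[k] != qb[k]},
    }

def find_mismatches(log_text):
    """Return one report per service-mismatch error found in the log text."""
    return [
        {"ticket": m["ticket"], **diff_service_urls(m["issued"], m["supplied"])}
        for m in MISMATCH.finditer(log_text)
    ]

if __name__ == "__main__":
    for report in find_mismatches(SAMPLE_LOG):
        print(report)
```

For the entry above, the report shows the same endpoint on both sides and a single extra parameter, client_name, present only on the validation request.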