Hello,

 

I am using a test CAS 7.1.1 server running inside docker, using the below 
settings:

 

info:
  description: CAS Configuration

cas:
  service-registry:
    core:
      init-from-json: true
    json:
      location: file:/etc/cas/services

  http-web-request:
    cors:
      enabled: false
  server:
    name: http://cas:cas_port
    prefix: http://cas:cas_port/cas
  authn:
    accept:
      enabled: false
    authentication-attribute-release:
      enabled: true
    attribute-repository:
      ldap[0]:
        bind-dn: cn=rouser,dc=atih,dc=sante,dc=fr
        bind-credential: ldap_rouser_password
        base-dn: ou=agents,dc=atih,dc=sante,dc=fr
        search-filter: uid={user}
        ldap-url: ldap://openldap:ldap_port
        allow-multiple-entries: true
    ldap[0]:
      bind-dn: cn=admin,dc=atih,dc=sante,dc=fr
      bind-credential: ldap_admin_password
      base-dn: ou=agents,dc=atih,dc=sante,dc=fr
      search-filter: uid={user}
      password-encoder:
        type: NONE
      ldap-url: ldap://openldap:ldap_port
      use-start-tls: false
      type: AUTHENTICATED
    oauth:
      access-token:
        crypto:
          signing:
            key: 8PdeTwu4j0thSopZgFvg-oa5GR8GBTzzcmiIMo7Vh0EmoVdWK5yRw4U7bWyOFdI53CU0exVZQCtQlLwMWaJ_og
          encryption:
            key: JzJ51l362rOPDZLwhtRY3p0SJUUx5sf8ZEDAKDIkdeY
      crypto:
        signing:
          key: meT8P7qpaN6bH3Bq-MsbMYQEL0iwZirR-XE-WAJFJHWfFsEOWq57sOfeG5DJXkBIdjd5RfRT3jX6QCOAkrh99g
        encryption:
          key: R3i5XWWsA9WWFhLkkQFGaOprYeYt8FGTbiTmgQkkmxEv6wbN-9YUjiPkM0Gezw_T377ORjM31JG0QNkLwXA8PQ
      session-replication:
        cookie:
          crypto:
            signing:
              key: 8C59Wtz_K_NKozYZ7G5fBZ83II0MBBI702ZmEqdOzXIPAI5B1MDUSVmm8w4YYzaBRjsGwG9fZBPWf-JS4yW_QQ
            encryption:
              key: 50kNxo6EKFQk9KOUAm0UXWhS-52Xtw_yWatSRkBT3GVzvS5cCPr3VH9_TmyJu91isRTjc2fjEiAD0idV00CBLQ
    oidc:
      core:
        issuer: http://cas:cas_port/cas/oidc
      discovery:
        grant-types-supported:
          - authorization_code
          - "urn:ietf:params:oauth:grant-type:uma-ticket"
          - "urn:ietf:params:oauth:grant-type:token-exchange"
          - "urn:ietf:params:oauth:grant-type:device-code"
          - refresh_token
        token-endpoint-auth-methods-supported: client_secret_basic
        introspection-supported-authentication-methods: client_secret_basic
        response-types-supported:
          - code
          - token
          - id_token
          - id_token token
          - device_code
        prompt-values-supported:
          - none
          - login
          - consent

  logout:
    followServiceRedirects: true
    redirectParameter: service
    confirmLogout: true
  slo:
    disabled: false
  monitor:
    endpoints:
      endpoint:
        defaults:
          access: ANONYMOUS

  ticket:
    st:
      time-to-kill-in-seconds: PT3600S

server:
  port: cas_port
  ssl:
    enabled: false
    keyStore: file:/etc/cas/thekeystore
    keyStorePassword: changeit
    keyPassword: changeit
  servlet:
    context-path: /cas
  #
logging:
  level:
    org.apereo.cas: DEBUG
    org.springframework: INFO

management:
  endpoints:
    web:
      exposure:
        include: "*"
    enabled-by-default: true
  security:
    enabled: false

 

 

 

I am trying to contact it using OIDC. As such, I’ve defined statically an 
OidcRegisteredService as follows:

 

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "serviceId" : "^https?://oidc-client-demo.*",
  "name" : "OIDC Client Example",
  "id" : 10,
  "evaluationOrder" : 10,
  "clientId" : "demo-client",
  "clientSecret" : "demo-client-secret",
  "signIdToken" : false,
  "encryptIdToken" : false,
  "bypassApprovalPrompt" : false,
  "supportedGrantTypes" : [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes" : [ "java.util.HashSet", [ "code" ] ],
  "supportedPromptValues" : [ "java.util.HashSet", [ "consent" ] ],
  "scopes" : [ "java.util.HashSet", [ "openid", "profile", "email", "address", "phone" ] ],
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}

 

However, my oidc client fails to work with it.

 

When it sends an authentication request, I am prompted to enter credentials 
in a browser. Then, the following POST request is sent to my CAS server:

 

POST /cas/login?service=http%3A%2F%2Fcas%3A8080%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3Ddemo-client%26scope%3Dopenid%2520profile%2520email%26redirect_uri%3Dhttp%253A%252F%252Foidc-client-demo%252Fanything%252Fcallback%26re,
 


 

The authentication is successful, but then I do not see any approval popup 
being displayed, nor can I see in network traces that when it reaches my 
setup redirect_uri any parameters are provided.

 


Thus, the process fails at this point…

 

Would you know if I did something wrong while setting up my CAS server and 
service?

 

Of course, in the CAS logs, I cannot see any error message during the 
process of the request…

 

Thanks in advance

 

Best regards,


Pierre
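
An added example, not part of the original post and not CAS code: it unwraps the doubly URL-encoded `service` parameter of the POST captured above and compares the visible `client_id`, `scope` and `redirect_uri` with the posted service definition. The function names and the use of a full-match regex for `serviceId` are assumptions for illustration; the captured URL is truncated in the post, so the cut-off tail is dropped rather than guessed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target as captured in the post; the original is truncated after
# "%26re", so that incomplete tail is omitted here (not reconstructed).
CAPTURED = (
    "/cas/login?service=http%3A%2F%2Fcas%3A8080%2Fcas%2Foauth2.0%2FcallbackAuthorize"
    "%3Fclient_id%3Ddemo-client%26scope%3Dopenid%2520profile%2520email"
    "%26redirect_uri%3Dhttp%253A%252F%252Foidc-client-demo%252Fanything%252Fcallback"
)

# Values copied from the OidcRegisteredService definition in the post.
SERVICE = {
    "serviceId": r"^https?://oidc-client-demo.*",
    "clientId": "demo-client",
    "scopes": {"openid", "profile", "email", "address", "phone"},
}


def inner_params(login_url):
    """Decode both layers: /login?service=<callbackAuthorize?...params...>."""
    outer = parse_qs(urlsplit(login_url).query)
    service_url = outer["service"][0]               # first decoding layer
    inner = parse_qs(urlsplit(service_url).query)   # second decoding layer
    return {name: values[0] for name, values in inner.items()}


def check(login_url, service):
    """Compare the request's visible parameters with the registered service."""
    params = inner_params(login_url)
    redirect_uri = params.get("redirect_uri", "")
    requested = set(params.get("scope", "").split())
    return {
        "client_id_matches": params.get("client_id") == service["clientId"],
        "redirect_uri": redirect_uri,
        # Assumption: serviceId is treated as a regex matched against the
        # whole redirect_uri.
        "redirect_uri_matches_serviceId": bool(
            re.fullmatch(service["serviceId"], redirect_uri)
        ),
        "scopes_not_registered": sorted(requested - service["scopes"]),
    }


if __name__ == "__main__":
    for key, value in check(CAPTURED, SERVICE).items():
        print(f"{key}: {value}")
```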
