SSO error when using delegate Google Authentication

15 views
Skip to first unread message

Lê Duy Hoàng

unread,
Jul 2, 2019, 1:44:25 PM7/2/19
to CAS Developer
Im having a trouble when using SSO with Google Authentication delegated.

I have two sites A and B
  1. Im login in site A via cas server with Google Authentication
  2. Im login in site B then error ocured
2019-07-03 00:28:24,630 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [ClientCredential(credentials=null, clientName=Google, typedIdUsed=true, userProfile=null)] of type [ClientCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>

I setup site A service json file like 
 
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "clientId": "69438529176-ghio8mpe9c10oia1b5qbm1vdbe0sci95.apps.googleusercontent.com",
  "clientSecret": "tihWWJ6zKIuvYSgl4Fk36w1g",
  "serviceId" : "^http://127.0.0.1:8000/.*",
  "name" : "Rating service",
  "id" : 1994,
  "allowedToProxy":true,
  "enabled":true,
  "ssoEnabled":true,
  "anonymousAccess":false,
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "username", "name", "given_name", "family_name", "email", "access_token",  "picture"] ],
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : true
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "Google" ] ]
    },
    "enabled" : true,
    "ssoEnabled" : true,
    "permitUndefined": true,
    "exclusive": true
  },
  "publicKey" : {
    "@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
    "location" : "classpath:public.key",
    "algorithm" : "RSA"
  }
}

site B : 
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "clientId": "69438529176-ghio8mpe9c10oia1b5qbm1vdbe0sci95.apps.googleusercontent.com",
  "clientSecret": "tihWWJ6zKIuvYSgl4Fk36w1g",
  "serviceId" : "^http://ratingservice.com/.*",
  "name" : "Rating service",
  "allowedToProxy":true,
  "enabled":true,
  "ssoEnabled":true,
  "anonymousAccess":false,
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "id" : 100,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "username", "name", "given_name", "family_name", "email", "access_token",  "picture"] ],
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : true
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "Google" ] ]
    },
    "enabled" : true,
    "ssoEnabled" : true,
    "permitUndefined": true,
    "exclusive": true
  },
  "publicKey" : {
    "@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
    "location" : "classpath:public.key",
    "algorithm" : "RSA"
  }
}
And cas.properties like this :
cas.server.name: https://cas.topica.asia:8443
cas.server.prefix=${cas.server.name}/cas

logging.config: file:/etc/cas/config/log4j2.xml

cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location:file:etc/cas/services

cas.sso.proxyAuthnEnabled=true
cas.sso.renewAuthnEnabled=true

cas.authn.pac4j.name=pac4j

cas.authn.pac4j.google.id=780031468524-kj5cgs4eo0iqif079kdo350q5h7viftg.apps.googleusercontent.com
cas.authn.pac4j.google.secret=fN5dob1bG0CJZHgQk7tJEEi2
cas.authn.pac4j.google.clientName=Google
cas.authn.pac4j.google.autoRedirect=false
cas.authn.pac4j.google.scope=EMAIL_AND_PROFILE
cas.authn.pac4j.typedIdUsed=true
cas.authn.pac4j.principalAttributeId=

cas.logout.followServiceRedirects=true

logging.level.org.apereo.cas=DEBUG

cas.authn.mfa.globalFailureMode=NONE


cas.authn.accept.users=casuser::Mellon
cas.authn.accept.name=Static Credentials
Please help me, i have been stuck on this problem for a month. 
Sorry for my bad english :( 
Reply all
Reply to author
Forward
0 new messages