CAS 5.3.x, OpenID Connect, Getting 401 on token request


Yan Zhou

Mar 12, 2019, 2:38:35 PM
to CAS Community
hello,

I set up a CAS 5.3.x overlay for OpenID Connect for the authorization code flow.

When I do the POST, the CAS login page comes up, I enter credentials and authorize access, and I successfully get the authorization code, but when I call POST or GET to get the access token or ID token, I keep getting a 401, "No message available" error.

What am I missing?

Someone said I am missing the Authorization header. What should go in this header? I tried putting Basic Auth with my user credentials; it is not working.

Thanks!
Yan

My request looks like this; the content-type is application/x-www-form-urlencoded:


grant_type=authorization_code& code=OC-5-G5bbL-TKNHW-0xd9KWGUFeEcsycinjqI& client_id=demoOIDC& client_secret=password& redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug

Yan Zhou

Mar 12, 2019, 3:24:37 PM
to CAS Community

Looking further, do we think this may be an issue?

When I go for the ID token directly (as opposed to getting the authorization code first, then the token second), I am getting an "Application Not Authorized to use CAS" error, but the URL is clearly in the JSON service file.

2019-03-12 15:23:26,171 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^(https|imaps)://localhost:8543/cas5/.*]>
2019-03-12 15:23:26,172 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [^https://oidcdebugger.com/debug]>
2019-03-12 15:23:26,172 DEBUG [org.apereo.cas.services.AbstractServicesManager] - <Adding registered service [https://localhost:8543/cas5/oauth2.0/callbackAuthorize.*]>

Here is my POST


Thanks!

Andy Ng

Mar 13, 2019, 9:40:38 AM
to CAS Community
Hello,

Hmm, that is very strange. I am still using CAS 5.3.x and POST is working fine.

I don't think trying for ID-token directly might not be what you want, since ID-token is different than the authentication code flow, so you are testing 2 things here.


I do see that your POST is a bit strange. Did you put all your parameters on the query like so?
https://localhost:8543/cas5/oidc/authorize?client_id=demoOIDC&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug&scope=openid&response_type=code%20id_token&response_mode=form_post&nonce=gb63gw2hmqk

The URL should only be https://localhost:8543/cas5/oidc/authorize, and the parameters should be sent using other means.

You can use Postman or Insomnia or some software like that to help you make a proper POST request.

If you use Postman:
1. Put the URL as only https://localhost:8543/cas5/oidc/authorize
2. Select POST method
3. Select Body tab
4. Add all your query parameters to the key and value pairs in body


At least that's what works for me, see if that works for you too!

Cheers!
- Andy
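
Added example, not part of the original thread: the two standard ways an OAuth 2.0 client authenticates on an authorization_code token request (RFC 6749 section 2.3.1), showing that a Basic Authorization header carries the client_id and client_secret rather than the end user's login. The function name and sample values are constructed for illustration; which method the CAS service in this thread accepts is not established by the posts.

```python
import base64
from urllib.parse import urlencode, quote_plus


def build_token_request(code, redirect_uri, client_id, client_secret, auth="basic"):
    """Return (headers, body) for an authorization_code token request.

    Hypothetical helper for illustration.
    auth="basic": client_secret_basic, credentials go in the Authorization header.
    auth="post":  client_secret_post, credentials go in the form body.
    """
    params = {
        "grant_type": "authorization_code",
        "code": code,
        # Must be the same redirect_uri that was sent on the authorize request.
        "redirect_uri": redirect_uri,
    }
    headers = {"Content-Type": "application/x-www-form-urlencoded"}

    if auth == "basic":
        # RFC 6749 2.3.1: form-encode id and secret, join with ":", base64 the pair.
        # These are the registered client's credentials, not a user's password.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        token = base64.b64encode(pair.encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    elif auth == "post":
        # Credentials travel in the body; no Authorization header is sent.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    else:
        raise ValueError("auth must be 'basic' or 'post'")

    # urlencode percent-encodes values and joins pairs with a bare "&".
    return headers, urlencode(params)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for mode in ("basic", "post"):
        hdrs, body = build_token_request(
            "OC-EXAMPLE-CODE", "https://oidcdebugger.com/debug",
            "demoOIDC", "s3cr3t:/+", auth=mode)
        print(mode, hdrs.get("Authorization"), body, sep="\n  ")
```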
