JAMF OIDC

[Matthew Gordon]

I was able to get JAMF SSO working with OIDC, but the OIDCUsePassthroughAuth portion of JAMF isn't working. I was wondering if anyone used JAMF with CAS and didn't require the users to login twice?

Thank you,

Matt

[Jeremiah Garmatter]

Hi Matt,

I am looking to configure Jamf Connect with my CAS instance. I currently have the OIDC portion working with CAS but the ROPG returns a CAS 500 internal server error related to an "InvalidTicketException: null" error.

Did you run into anything like this when configuring CAS with JAMF Connect? The error only happens on Resource Owner Password Grants.

Also, did you find a way to prevent users having to log in twice?

[Gordon, Matthew]

Hi Jeremiah,

My Service Config:

{

"@class" : "org.apereo.cas.services.OidcRegisteredService",

"clientId": "[CLIENT_ID]",

"clientSecret": "[CLIENT_SECRET]",

"serviceId" : "https://127.0.0.1/jamfconnect",

"name" : "Mac User Login",

"id" : 1,

"attributeReleasePolicy" : {

"@class": "org.apereo.cas.services.ReturnMappedAttributeReleasePolicy",

"allowedAttributes": {

"@class": "java.util.TreeMap",

"displayName": "Realname",

"mail": "email",

"cn": "name",

"sn": "family_name",

"sn": "familyName",

"givenName": "given_name"

}

},

"jwtAccessToken": true,

"signIdToken": false,

"encryptIdToken": false,

"signAccessToken": false,

"encryptAccessToken": false,

"evaluationOrder":1,

"bypassApprovalPrompt": true,

"supportedGrantTypes": [ "java.util.HashSet", [ "password","authorization_code" ] ],

"supportedResponseTypes": [ "java.util.HashSet", [ "code","token","id_token" ] ]

}

I think on the Jamf side we are using the Azure AD and not generic option: https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Azure_AD_Integration.html

That was the trick to the not getting prompted.

If you use SSO though it breaks that, and they will still get prompted. It's a bug since it tries to capture the content of the last password box to use as the user password for the user. They are aware.

Thank you,

Matt

-----Original Message-----

From: Jeremiah Garmatter <j-gar...@onu.edu>

To: CAS Community <cas-...@apereo.org>

Cc: mago...@hacc.edu <mago...@hacc.edu>

Subject: Re: JAMF OIDC

Date: 06/21/2023 02:13:58 PM

	CAUTION: This email originated outside ofHACC. Please do not click links or open attachments unless you recognize and/or trust the sender. Forward this message tosuspi...@hacc.edu if you are unsure of the content.  id:HAb2e815ff6a8d6c97CC

To unsubscribe: email unsub...@hacc.edu with sender email address and subject.

This email and any files attached from HACC, Central Pennsylvania's Community College are confidential and intended solely for use by the individual or entity to whom addressed. If you have received this email in error please notify postm...@hacc.edu This message may contain confidential information and is intended only for the individual named. If you are not the named addressee do not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.