[CAS As Authorization Server Problem]
92 views
Skip to first unread message
Napoleon Ponaparte
Sep 14, 2020, 4:33:41 AM9/14/20
to CAS Community
Hi,
I am using CAS Apereo version 6.1.7 and I want to user CAS server as
Authorization server.
Here is my service registry:
Step 1:
Register service
cat /etc/cas/services-repo/MyOAuthservice-100.json
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^https://hello.*",
"name" : "MyOAuthservice",
"id" : 100,
"supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
"supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^https://hello.*",
"name" : "MyOAuthservice",
"id" : 100,
"supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
"supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}
Step 2:
I request Authorization code like this:
Request
Response
[1] 14428
[2] 14429
[2] 14429
Step 3:
Request access token
root@ssostandalone:~# curl https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/accessToken?grant_type=authorization_code&client_id=clientid&client_secret=clientSecret&code=14429&redirect_uri=https://hello.*
Response
{"@class":"java.util.LinkedHashMap","timestamp":["java.util.Date",1600072348620],"status":401,"error":"Unauthorized","message":"No message available","path":"/cas/oauth2.0/accessToken"}
I don't know what is wrong.
Thank you in advance.
Sven Specker
Sep 14, 2020, 5:20:32 AM9/14/20
to cas-...@apereo.org, Napoleon Ponaparte
On 2020-09-14 10:33, Napoleon Ponaparte wrote:
Hi!
> Step 2:
> I request Authorization code like this:
> Request
> curl
> https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> Response
> [1] 14428
> [2] 14429
That looks like a bash command line. You will need to do
curl
'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'
Otherwise &/*/? are interpreted in the command line and will break the
request.
Here, the 2 "&" caused the command line to spawn 2 background processes
that will try in vain to do anything.
If the screenshot just ate the '' around the curl command, disregard my
comment.
Best regards,
Sven Specker
--
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center ***
*********** UNIX System Administration (Auth/IDM) ****************
***** spe...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *****
******************************************************************
__________________________________________________________________
Johann Wolfgang Goethe Universitaet
- Hochschulrechenzentrum -
Theodor W. Adorno-Platz 1 (PA-1P16)
D-60323 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________
Hi!
> Step 2:
> I request Authorization code like this:
> Request
> curl
> https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*
> Response
> [1] 14428
> [2] 14429
curl
'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*'
Otherwise &/*/? are interpreted in the command line and will break the
request.
Here, the 2 "&" caused the command line to spawn 2 background processes
that will try in vain to do anything.
If the screenshot just ate the '' around the curl command, disregard my
comment.
Best regards,
Sven Specker
--
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center ***
*********** UNIX System Administration (Auth/IDM) ****************
***** spe...@rz.uni-frankfurt.de [Phone (+49)-69-798-15188] *****
******************************************************************
__________________________________________________________________
Johann Wolfgang Goethe Universitaet
- Hochschulrechenzentrum -
Theodor W. Adorno-Platz 1 (PA-1P16)
D-60323 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________
Nguyen Tran Thanh Lam
Sep 14, 2020, 11:12:05 AM9/14/20
to spe...@rz.uni-frankfurt.de, CAS Community
Hello Mr
Sven Specker
I have tried
1. Using Ubuntu command line like this
root@ssostandalone:~# curl 'https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https://hello.*' | jq
End it responses nothing
2. Then I try to use POSTMAN
Like this
And it replies HTML page
I don't know, what are wrong.
Plase help me.
Thank you.
Vào Th 2, 14 thg 9, 2020 vào lúc 16:20 Sven Specker <spe...@rz.uni-frankfurt.de> đã viết:
Ray Bon
Sep 14, 2020, 11:57:30 AM9/14/20
to spe...@rz.uni-frankfurt.de, cas-...@apereo.org
Nguyen,
Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F
Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login
Ray
On Mon, 2020-09-14 at 22:11 +0700, Nguyen Tran Thanh Lam wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca
I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
Nguyen Tran Thanh Lam
Sep 14, 2020, 12:09:38 PM9/14/20
to CAS Community, spe...@rz.uni-frankfurt.de
Hi Ray,
I have tried
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
But it still request nothing.
If I use
root@ssostandalone:~# curl "https://ssostandalone.vdc2.com.vn:8443/cas/login/oauth2.0/authorize?response_type=code&client_id=clientid&redirect_uri=https%3A%2F%2Fhello.*" | jq
It response
{
"@class": "java.util.LinkedHashMap",
"timestamp": [
"java.util.Date",
1600099585824
],
"status": 404,
"error": "Not Found",
],
"status": 404,
"error": "Not Found",
"message": "No message available",
"path": "/cas/login/oauth2.0/authorize"
}
}
I thinks URL is https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/ is correct.
Here is my service registry again ( I hope it correct)
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^https://hello.*",
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^https://hello.*",
"name" : "OAuthService",
"id" : 100,
"codeExpirationPolicy": {
"@class": "org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthCodeExpirationPolicy",
"numberOfUses": 1,
"timeToLive": "60"
}
}
"id" : 100,
"codeExpirationPolicy": {
"@class": "org.apereo.cas.support.oauth.services.DefaultRegisteredServiceOAuthCodeExpirationPolicy",
"numberOfUses": 1,
"timeToLive": "60"
}
}
Vào Th 2, 14 thg 9, 2020 vào lúc 22:57 Ray Bon <rb...@uvic.ca> đã viết:
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/366b92685260398e5ce9a4117cc58f392b960845.camel%40uvic.ca.
Ray Bon
Sep 14, 2020, 12:39:00 PM9/14/20
to cas-...@apereo.org, spe...@rz.uni-frankfurt.de
Nguyen,
I am wonder if it is network access. I meant to try
to be sure cas is running correctly. I have not used oauth so maybe you already know cas is working correctly.
Ray
Sven Specker
Sep 15, 2020, 3:35:03 AM9/15/20
to Ray Bon, cas-...@apereo.org
On 2020-09-14 17:57, Ray Bon wrote:
> Nguyen,
>
> Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F
>
> Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login
>
> Ray
>
Hi!
> Nguyen,
>
> Try double quotes and escape :// in redirect_uri, replace it with %3A%2F%2F
>
> Can you curl https://ssostandalone.vdc2.com.vn:8443/cas/login
>
> Ray
>
I should not write stuff on mondays.
If URL-Encoding is needed, then rather use curl for it:
curl --get --insecure
"https://ssostandalone.vdc2.com.vn:8443/cas/oauth2.0/authorize"
--data-urlencode "response_type=code" --data-urlencode
"clientid=clientid" --data-urlencode 'redirect_uri=https://hello.*'
That should make sure everything is properly encoded.
Otherwise, it might be a hiccup in CAS itself as was already mentioned.
Since you get an answer, network stuff should not be a direct issue, imho.
Nguyen Tran Thanh Lam
Sep 16, 2020, 3:35:49 AM9/16/20
to CAS Community
Hi Ray,
Oauth2 have run
When I call
Thank you
Vào Th 2, 14 thg 9, 2020 vào lúc 23:39 Ray Bon <rb...@uvic.ca> đã viết:
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/c241739405928540c4a82147629fe2b96e703c33.camel%40uvic.ca.
Nguyen Tran Thanh Lam
Sep 16, 2020, 3:39:58 AM9/16/20
to CAS Community
Hi
Sven Specke,
I have try
curl --get --insecure "https://casoverlay.vdc2.com.vn:8443/cas/oauth2.0/authorize" --data-urlencode "response_type=code" --data-urlencode "clientid=clientid" --data-urlencode 'redirect_uri=https://hello.*' | jq
And it replies nothing 😢
Vào Th 4, 16 thg 9, 2020 vào lúc 14:35 Nguyen Tran Thanh Lam <naphalu...@gmail.com> đã viết:
Sven Specker
Sep 16, 2020, 4:00:42 AM9/16/20
to cas-...@apereo.org, Nguyen Tran Thanh Lam
On 2020-09-16 09:39, Nguyen Tran Thanh Lam wrote:
> Hi Sven Specke,
> I have try
> curl --get --insecure
> "https://casoverlay.vdc2.com.vn:8443/cas/oauth2.0/authorize"
> --data-urlencode "response_type=code" --data-urlencode
> "clientid=clientid" --data-urlencode 'redirect_uri=https://hello.*' | jq
> Hi Sven Specke,
> I have try
> curl --get --insecure
> "https://casoverlay.vdc2.com.vn:8443/cas/oauth2.0/authorize"
> --data-urlencode "response_type=code" --data-urlencode
> "clientid=clientid" --data-urlencode 'redirect_uri=https://hello.*' | jq
> image.png
> And it replies nothing 😢
>
Hm. That's odd indeed. Works with my setups. Then I fear, I cannot help
> And it replies nothing 😢
>
you from memory. Sorry.
Nguyen Tran Thanh Lam
Sep 16, 2020, 4:06:29 AM9/16/20
to CAS Community
Hi
Sven Specker,
Could you give me your service registry file?
Thank you. Regards
Vào Th 4, 16 thg 9, 2020 vào lúc 15:00 Sven Specker <spe...@rz.uni-frankfurt.de> đã viết:
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/96bbc1c9-ebff-6ec9-d17d-72be376e508f%40rz.uni-frankfurt.de.
Reply all
Reply to author
Forward
0 new messages