Pac4j Azure Ad issue

[Colin Wilkinson]

Hi,


I am unsure if this related to Pac4j Azure Ad redirect issue or even if its a a CAS issue, but I thought I would start here.

I patched the above issue locally to prevent the tenant from going missing so that I could continure on testing bit hit another error in "org.pac4j.oidc.credentials.authenticator.OidcAuthenticator".

When using the "cas.authn.pac4j.oidc[0].azure" it fails with the following error

Token response: status=401, content={"error":"invalid_client","error_description":"AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.\r\nTrace ID: 2de9a836-b6a8-4ce9-bca2-a88862983800\r\nCorrelation ID: 9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9\r\nTimestamp: 2023-02-20 04:58:34Z","error_codes":[7000218],"timestamp":"2023-02-20 04:58:34Z","trace_id":"2de9a836-b6a8-4ce9-bca2-a88862983800","correlation_id":"9ad131b2-ba04-4e51-be8d-e7f99f7a8ab9","error_uri":"https://login.microsoftonline.com/error?code=7000218","claims":"{\"access_token\":{\"capolids\":{\"essential\":true,\"values\":[\"b6a5a1ff-b5f3-4f73-b5c7-91b62aba058b\"]}}}"

If I can over to "cas.authn.pac4j.oidc[0].generic" remove the "cas.authn.pac4j.oidc[0].azure.tenant" as that is azure specific and correct set the discoverUri to what it should be and get the following,

Token response: status=200, <CONTENT REMOVED>

Regards,
Colin

[CAS Community]

Hi,

It should be fixed: https://github.com/pac4j/pac4j/commit/f6655ae90c753e8c8b3a632579a81feb0dfbef71

Can you test with CAS 7.0.0-RC4 and pac4j v6.0.0-RC6-SNAPSHOT (pull pac4j-core and pac4j-oidc in version 6.0.0-RC6-SNAPSHOT and exclude the same dependencies in v6.0.0-RC5).

Thanks.

Best regards,

Jérôme

[Colin Wilkinson]

This is a pac4j issue and has been raised with pac4j as 

https://groups.google.com/g/pac4j-dev/c/k8Dj3ihjtMU