OIDC? Vendor

[Bryan Wooten]

Ok we have a vendor Modolabs doing a mobile app connected to CAS with OIDC config (JSON service registry)

Anyone have experience? Things ain't going well. (Modo claims CAS is sending multiple 302 redirects for Service Ticket validation). 

-Bryan

[Ray Bon]

Bryan,

When their are too many redirects on ST validation, this is almost exclusively a misconfigured client.

Just so that I am clear about the relationship: Modolabs' mobile app is trying to authenticate with your cas server and getting caught in a too many redirects loop?

Ticket validation _must_ be done over https. 

The certificate must be valid (java will silently terminate the request before it gets to tomcat/jetty/etc and cas).

The clocks of the two endpoints must be in sync (or close). By default the ST only lasts 10 seconds (this can be increased in cas.properties).

You should be able to see from the audit log, failed ticket validation, if the ticket is getting to cas.

If the above does not help, please add some more details about the log in flow and any error messages.

Ray

On Mon, 2021-02-08 at 13:59 -0700, Bryan Wooten wrote:

Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.

Ok we have a vendor Modolabs doing a mobile app connected to CAS with OIDC config (JSON service registry)

Anyone have experience? Things ain't going well. (Modo claims CAS is sending multiple 302 redirects for Service Ticket validation). 

-Bryan

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.