Combination of Delegated Authentication and Surrogate webflow issue in CAS 7.0.6


Isan S

Aug 23, 2024, 12:35:56 AM
to CAS Community
Hello all,

We are trying to upgrade from CAS 6.4.6.6 to 7.0.6 using the CAS overlay and we are having an issue accessing the login page: it throws a 500 error if we add both the delegated authentication and surrogate webflows. If I comment out one of the webflows, it works. We are not using Passwordless Authentication, but somehow it shows: Caused by: java.lang.ClassNotFoundException: org.apereo.cas.api.PasswordlessAuthenticationRequest
Has anyone seen this issue before, and does anyone know how to resolve it?

I also tried upgrading to CAS 6.6.15.2 and had no issue using both the delegated authentication and surrogate webflows.

This is the change on build.gradle:
    // service registration
    implementation "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
    // LDAP
    implementation "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    // Azure AD Delegation
    implementation "org.apereo.cas:cas-server-support-pac4j-webflow:${project.'cas.version'}"
    // Surrogate support
    implementation "org.apereo.cas:cas-server-support-surrogate-webflow:${project.'cas.version'}"
    // use JDBC to get authorization from DB
    implementation "org.apereo.cas:cas-server-support-surrogate-authentication-jdbc:${project.'cas.version'}"

Snippets of cas.properties:
# AAD Authentication
cas.authn.pac4j.core.discovery-selection.selection-type=MENU
cas.authn.pac4j.oidc[0].azure.tenant=***
cas.authn.pac4j.oidc[0].azure.discovery-uri=***
cas.authn.pac4j.oidc[0].azure.client-name=azuread
cas.authn.pac4j.oidc[0].azure.id=***
cas.authn.pac4j.oidc[0].azure.secret=***
cas.authn.pac4j.oidc[0].azure.auto-redirect-type=NONE
cas.authn.pac4j.oidc[0].azure.principal-id-attribute=onpremisessamaccountname
cas.authn.pac4j.oidc[0].azure.callback-url-type=PATH_PARAMETER
cas.authn.pac4j.oidc[0].azure.logout-url=https://localhost:8080/cas/logout

#surrogate authentication using jdbc
cas.authn.surrogate.jdbc.surrogate-account-query=***
cas.authn.surrogate.jdbc.surrogate-search-query=***
cas.authn.surrogate.jdbc.user=***
cas.authn.surrogate.jdbc.password=***
cas.authn.surrogate.jdbc.driver-class=oracle.jdbc.OracleDriver
cas.authn.surrogate.jdbc.url=***

Attached file is the trace from my local instance
cas_stacktrace-2024-08-22-16-1.log

Jonathon Taylor

Aug 23, 2024, 12:48:36 PM
to cas-...@apereo.org
Hi Isan,

We use the same functionality and are currently on 6.6.x.  When testing 7.1.x we ran into the same issue and reported it through our paid/commercial support channel which got it fixed in a subsequent SNAPSHOT release of 7.1.x. 

https://github.com/apereo/cas/commit/0f243843a4c2b766483cc43c9a4387f31aa0373f



--
Jonathon Taylor (he/him)
Information Security Office

Isan S

Aug 26, 2024, 12:30:56 AM
to cas-...@apereo.org
Thank you very much Jonathon for the information. I will try ver 7.1.x. 

Regards,
Isan
