CAS OIDC requires relative issuer


Marcel Mundl

Jun 7, 2023, 12:05:06 PM
to cas-...@apereo.org
Hello,
I have tried using the OIDC plugin in CAS 7.0.0-SNAPSHOT (but I tested it and it also seems to occur in RC5 and RC6) and the ".well-known" and ".well-known/openid-configuration" endpoints are only accessible when setting "cas.authn.oidc.core.issuer" to "/oidc" and "cas.authn.oidc.core.accepted-issuers-pattern" to something that would pass with the domain. However, since the issuer is set as the start of all endpoints in ".well-known", using this from a web-app became impossible, as the web-app sees the redirect to "/oidc/..." and redirects to a page on its own server, rather than on the CAS server.

Sadly I cannot use 6.x.x because I have a dependency in my overlay that requires JRE 17+.

Marcel

www.di-on.solutions

DI-ON.solutions GmbH - Lise-Meitner-Straße 3-1, D-89081 Ulm

Registered office: Ulm, Ulm District Court HRB741194, Managing Directors: Oliver Schallhorn, Benny Woletz


Marcel Mundl

Jul 4, 2023, 10:44:45 PM
to CAS Community, Marcel Mundl
Hello,
I did some further examination and found out that setting cas.authn.oidc.core.issuer to "https://cas.example.org:8443/cas/oidc" works as well, but when replacing "cas.example.org" by anything else, the discovery endpoint is broken.

Marcel
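
Added example, not part of the thread and not CAS code: a client-side check of a discovery document that flags a relative issuer such as "/oidc" and shows where a relying party ends up when it resolves a relative endpoint against its own origin. The endpoint paths and the host app.example.com are constructed placeholders; the absolute issuer is the one quoted in the second message.

```python
from urllib.parse import urljoin, urlsplit

# Discovery fields that a relying party dereferences directly.
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint",
                 "userinfo_endpoint", "jwks_uri")

def check_discovery(doc, expected_issuer):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    issuer = doc.get("issuer", "")
    parts = urlsplit(issuer)
    # OIDC Discovery: the issuer is an https URL without query or fragment.
    if parts.scheme != "https" or not parts.netloc:
        problems.append(f"issuer {issuer!r} is not an absolute https URL")
    if parts.query or parts.fragment:
        problems.append(f"issuer {issuer!r} carries a query or fragment")
    # The returned issuer must equal the one the client used for discovery.
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} != expected {expected_issuer!r}")
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if value is None:
            continue
        ep = urlsplit(value)
        if not ep.scheme or not ep.netloc:
            problems.append(f"{key} {value!r} is relative")
    return problems

def resolve_as_client(app_page_url, endpoint):
    """Resolve an endpoint the way a browser or web app resolves a redirect."""
    return urljoin(app_page_url, endpoint)

# Constructed sample documents (paths are placeholders, not CAS's real ones).
EXPECTED_ISSUER = "https://cas.example.org:8443/cas/oidc"
RELATIVE_DOC = {"issuer": "/oidc",
                "authorization_endpoint": "/oidc/authorize",
                "jwks_uri": "/oidc/jwks"}
ABSOLUTE_DOC = {"issuer": EXPECTED_ISSUER,
                "authorization_endpoint": EXPECTED_ISSUER + "/authorize",
                "jwks_uri": EXPECTED_ISSUER + "/jwks"}

if __name__ == "__main__":
    for name, doc in (("relative", RELATIVE_DOC), ("absolute", ABSOLUTE_DOC)):
        print(name, check_discovery(doc, EXPECTED_ISSUER))
        print("  client is sent to:", resolve_as_client(
            "https://app.example.com/login", doc["authorization_endpoint"]))
```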