Hi,
I am trying to configure CAS 6.0.1 to delegate to Azure AD using OAuth2.
My overlay build.gradle contains the following:
dependencies {
    compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
    compile "org.apereo.cas:cas-server-support-pac4j-webflow:${project.'cas.version'}"
}
My cas.properties contains the following:
I have added the CAS redirect URL to the allowed Reply URLs for the App registration in Azure AD.
When I point my browser at CAS:
- My browser is redirected to Azure AD.
- I log in to Azure AD.
- My browser is redirected back to CAS.
However, at that point CAS fails to complete the login, and the following error is displayed in the log.
2019-03-06 11:04:52,337 DEBUG [org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor] - <sessionState: TST-1-uwQC-bMB6BHZNkzhpUtVfKZDZhtiHf9R / stateParameter: TST-1-uwQC-bMB6BHZNkzhpUtVfKZDZhtiHf9R>
2019-03-06 11:04:52,337 DEBUG [org.pac4j.oauth.credentials.extractor.OAuth20CredentialsExtractor] - <code: AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU-mhYY-lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk-meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3-ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA>
2019-03-06 11:04:52,337 DEBUG [org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator] - <code: AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU-mhYY-lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk-meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3-ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA>
2019-03-06 11:04:53,522 DEBUG [org.pac4j.oauth.credentials.authenticator.OAuth20Authenticator] - <accessToken: com.github.scribejava.core.model.OAuth2AccessToken@6a3ddd2e>
2019-03-06 11:04:53,522 DEBUG [org.pac4j.oauth.client.GenericOAuth20Client] - <Credentials validation took: 1185 ms>
2019-03-06 11:04:53,522 INFO [org.apereo.cas.web.flow.DelegatedClientAuthenticationAction] - <Credentials are successfully authenticated using the delegated client [AzureAD]>
2019-03-06 11:04:53,539 DEBUG [org.pac4j.oauth.client.GenericOAuth20Client] - <credentials : #OAuth20Credentials# | code: AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU-mhYY-lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk-meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3-ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA | accessToken: com.github.scribejava.core.model.OAuth2AccessToken@6a3ddd2e |>
2019-03-06 11:04:53,539 DEBUG [org.pac4j.oauth.profile.creator.OAuth20ProfileCreator] - <accessToken: com.github.scribejava.core.model.OAuth2AccessToken@6a3ddd2e / dataUrl: null>
2019-03-06 11:04:53,541 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [ClientCredential(credentials=#OAuth20Credentials# | code: AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU-mhYY-lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk-meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3-ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA | accessToken: com.github.scribejava.core.model.OAuth2AccessToken@6a3ddd2e |, clientName=AzureAD, typedIdUsed=true, userProfile=null)] of type [ClientCredential]. Examine the configuration to ensure a method of authentication is defined and analyze CAS logs at DEBUG level to trace the authentication event.>
Any ideas what I'm doing wrong?