Generic OAuth2.0 client redirects to login page instead of service URL specified


Nishant Singh

Aug 13, 2019, 9:14:23 AM
to CAS Community
Hello,

My CAS application (5.3) does not redirect the user to the provided service URL after logging into Instagram using Generic OAuth2.0. Instead the user lands on the login page which says Log In Successful and the following message:

You, {user}, have successfully logged into the Central Authentication Service. However, you are seeing this page because CAS does not know about your target destination and how to get you there. Examine the authentication request again and make sure a target service/application that is authorized and registered with CAS is specified.

The user should actually be taken to the service URL along with the Service Ticket ST parameter. But that is not happening. However, the remaining pac4j inbuilt clients like Facebook, Google, LinkedIn etc. are working properly. This only happens when I use the OAuth2.0 client for Instagram and manually define the properties in the cas.properties page.

The following is my configuration:

cas.authn.pac4j.oauth2[0].id={client_id}
cas.authn.pac4j.oauth2[0].secret={client_secret}
cas.authn.pac4j.oauth2[0].authUrl=https://api.instagram.com/oauth/authorize
cas.authn.pac4j.oauth2[0].tokenUrl=https://api.instagram.com/oauth/access_token
cas.authn.pac4j.oauth2[0].clientName=instagram

cas.authn.pac4j.oauth2[0].profileUrl=https://api.instagram.com/v1/users/self/
cas.authn.pac4j.oauth2[0].profilePath=data
cas.authn.pac4j.oauth2[0].profileVerb=GET
cas.authn.pac4j.oauth2[0].autoRedirect=true
cas.authn.pac4j.oauth2[0].principalAttributeId=username
cas.authn.pac4j.oauth2[0].profileAttrs.id=id
cas.authn.pac4j.oauth2[0].profileAttrs.fullName=full_name
cas.authn.pac4j.oauth2[0].profileAttrs.pictureUrl=profile_picture

Service file JSON:

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "^https://.*.{domain}.com.*",
  "name" : "eyerne",
  "id" : 10002,
  "description" : "This service definition authorizes the eyerne URL.",
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  },
  "bypassApprovalPrompt": true,
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^https?://.*"
  },
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code", "client_credential" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code", "token" ] ],
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
}


One thing which I am suspecting is that when I look at the Network monitor in Google Chrome I find the following:

1. Before logging in, the last URL from Instagram is as below:


2. After then the login page is loaded as follows:


If you carefully look at the Authorization URL in point 1 above, the redirect_uri contains the param client_name as blank or empty. I guess due to this the login page that loads next does not have the client_name added to its URL.

I am not sure this is the root cause, but can anyone help me figure out how to redirect the user to the service URL and not the login page?
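
One way to check the empty client_name suspicion against a URL copied out of the browser's network monitor, as an added example that is not part of the original post or of CAS. It assumes the callback is expected to carry the configured clientName (instagram) in a client_name query parameter; the host cas.example.org, CLIENT_ID and the helper names are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, urlsplit


def client_name_status(url, expected):
    """Classify the client_name query parameter of a callback or login URL."""
    # keep_blank_values=True matters: by default parse_qs drops "client_name=",
    # which would make an empty value indistinguishable from a missing one.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("client_name")
    if values is None:
        return "missing"
    if len(values) > 1:
        return "duplicated"
    if values[0] == "":
        return "empty"
    return "ok" if values[0] == expected else "mismatch"


def redirect_uri_status(authorize_url, expected):
    """Decode redirect_uri from an authorization URL and classify its client_name."""
    outer = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    uris = outer.get("redirect_uri", [])
    if len(uris) != 1:
        return "no-single-redirect_uri"
    # parse_qs has already percent-decoded the nested URL once.
    return client_name_status(uris[0], expected)


def build_authorize_url(callback):
    """Constructed sample: authorization request with an encoded redirect_uri."""
    return ("https://api.instagram.com/oauth/authorize"
            "?client_id=CLIENT_ID&response_type=code"
            "&redirect_uri=" + quote(callback, safe=""))


# Constructed inputs; cas.example.org is a placeholder host.
CALLBACK_OK = "https://cas.example.org/cas/login?client_name=instagram"
CALLBACK_BLANK = "https://cas.example.org/cas/login?client_name="

if __name__ == "__main__":
    for label, cb in (("expected", CALLBACK_OK), ("as described", CALLBACK_BLANK)):
        print(label, redirect_uri_status(build_authorize_url(cb), "instagram"))
```

Running client_name_status on the login URL that loads after the Instagram round trip shows whether the parameter was already lost in the authorization request or only on the way back.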