[CAS 5.0.3] Application Not Authorized issue

AJ

Mar 23, 2017, 1:09:20 PM
to CAS Community

Hi,

I'm trying to test OAuth 2.0 authorization on my CAS 5.0.3 server using the cas-pac4j-oauth-client-demo as a sample client. However, I'm getting an "Application Not Authorized" error when I click on the link that takes me to external CAS delegation. This is probably because I haven't set the client ID and secret on the client side. However, I don't see a way to configure this. Can someone please let me know how I can do this?

For reference, the JSON I'm using to register the client is:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "cas",
  "clientSecret": "secret",
  "bypassApprovalPrompt": false,
  "serviceId" : "localhost:1234/cas",
  "name" : "CasClient",
  "id" : 10000001
}

Thanks,

AJ

Robert Ledermüller

Mar 24, 2017, 6:41:17 AM
to CAS Community
Hi,

check your serviceId. This has to match the URL where your client is running. You are missing the protocol. Please have a look in the documentation [1].
Also check the logs of the CAS server. There should be more data on what went wrong.

Best
-- Robert

Yaroslav Panych

Mar 25, 2017, 7:59:41 AM
to cas-...@apereo.org
Dude, your service registry has NOTHING to do with Delegated authentication! All you need is to set properties in cas.properties:
https://apereo.github.io/cas/5.0.x/installation/Configuration-Properties.html#pac4j

AJ

Mar 30, 2017, 5:19:05 PM
to jasig-cas-user, cas-...@apereo.org
Hi all,

Thanks for your help. As this is for testing purposes, I ended up using a regex in the serviceId that matched all localhost URLs. The one that was offered in the demo seemed not to be working properly, so I used "^https?:\/\/localhost.*" instead and it worked perfectly.

A follow-up question: I was able to get CAS to read the service registry file by adding it to the temp folder the service registries were being put into. However, I am unsure where a more permanent location is to put service files. I have the following property set in my cas.properties, but even when I put files in that folder they aren't read:

cas.serviceRegistry.config.location=classpath:/services

I didn't see any other property that seemed relevant. Without adding the files directly into the temp folder, I get the following message in the logs:

017-03-30 14:12:44,299 DEBUG [org.springframework.integration.transaction.PseudoTransactionManager] - <Initiating transaction commit>
017-03-30 14:12:51,376 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services from InMemoryServiceRegistryDaoImpl>
017-03-30 14:12:51,376 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^(https|imaps)://.*>
017-03-30 14:12:51,376 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^https://www.apereo.org>
017-03-30 14:12:51,376 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from InMemoryServiceRegistryDaoImpl.>
017-03-30 14:13:03,377 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services from InMemoryServiceRegistryDaoImpl>
017-03-30 14:13:03,377 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^(https|imaps)://.*>
017-03-30 14:13:03,377 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^https://www.apereo.org>
017-03-30 14:13:03,378 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from InMemoryServiceRegistryDaoImpl.>
017-03-30 14:13:15,379 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services from InMemoryServiceRegistryDaoImpl>
017-03-30 14:13:15,379 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^(https|imaps)://.*>
017-03-30 14:13:15,379 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^https://www.apereo.org>
017-03-30 14:13:15,379 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services from InMemoryServiceRegistryDaoImpl.>

and I believe that these two registered services being added are just the default ones included with the server.

Thanks!
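
Added example (not part of any post in this thread, and not CAS code): a small Python check of the serviceId values discussed above against sample URLs, showing which URLs each one accepts. It assumes the serviceId is applied as a regular expression that must match the whole URL; the sample URLs, the `audit` helper and the `tightened` pattern are constructed for illustration.

```python
import re

# Constructed sample URLs; only the first three patterns below come from the thread.
INTENDED = "http://localhost:1234/cas"
OTHERS = [
    "http://localhost.example.org/cas",  # different host whose name starts with "localhost"
    "https://other.example.org/app",     # unrelated host
]

def matches(service_id: str, url: str) -> bool:
    """Assumption: the serviceId is a regex that must match the entire URL."""
    try:
        return re.fullmatch(service_id, url) is not None
    except re.error:
        return False  # an invalid pattern authorizes nothing

def audit(service_id: str) -> dict:
    """Report whether the intended URL is accepted and which other URLs are too."""
    return {
        "intended": matches(service_id, INTENDED),
        "unintended": [u for u in OTHERS if matches(service_id, u)],
    }

PATTERNS = {
    # serviceId from the first post: no protocol, so the full URL never matches
    "original": "localhost:1234/cas",
    # regex from the follow-up post: ".*" directly after "localhost" is unbounded
    "workaround": r"^https?:\/\/localhost.*",
    # default service seen in the log output: any https or imaps URL
    "default": r"^(https|imaps)://.*",
    # hypothetical tighter form: host must be exactly "localhost", optional port/path
    "tightened": r"^https?://localhost(:\d+)?(/.*)?$",
}

if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(f"{name:10} {pattern:35} {audit(pattern)}")
```

The output shows which registered patterns accept URLs on hosts other than the intended one, which is the thing to check before a test-only regex is copied into a longer-lived service registry.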

Robert Ledermüller

Mar 30, 2017, 6:18:06 PM
to CAS Community, jasig-c...@googlegroups.com
Hi,

I guess you are using a JSON service definition? If so, please have a look into this documentation [1].
This [2] article is also a good starting point about configuring services.

Best
-- Robert
