Cas Azure AD


Jerome Denechaud (wanexa)

Jul 3, 2023, 3:24:06 PM
to CAS Community
Hello

I'm trying to deploy a CAS server for delegated Azure AD auth.
I'm working with the docker image apereo/cas:latest.
I added a cas.properties file as below:
cas.authn.pac4j.oidc[0].azure.display-name= cas
cas.authn.pac4j.oidc[0].azure.auto-redirect-type= SERVER
cas.authn.pac4j.oidc[0].azure.client-name= cas
cas.authn.pac4j.oidc[0].azure.enabled= true
cas.authn.pac4j.oidc[0].azure.id= xxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.response-mode= form_post
cas.authn.pac4j.oidc[0].azure.response-type= id_token
cas.authn.pac4j.oidc[0].azure.scope= openid
cas.authn.pac4j.oidc[0].azure.secret= xxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.tenant= xxxxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.use-nonce= true
cas.authn.pac4j.oidc[0].azure.discovery-uri= https://login.microsoftonline.com/xxxxxxxxxxxxx/v2.0/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].azure.logout-url= https://login.microsoftonline.com/common/oauth2/logout
cas.serviceRegistry.json.location:    file:/etc/cas/services

test-1.json
{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" :  "^(https?)://.*",
   "name" : "test",
   "id" : 1,
   "evaluationOrder" : 1
}

On the Azure side: public address, no DNS.

When I try to authenticate on my app portal:
06:10:07 ERROR [o.a.c.s.w.s.RegisteredServiceResponseHeadersEnforcementFilter] - <Service unauthorized
        RegisteredServiceAccessStrategyAuditableEnforcer.java:lambda$execute$6:200
        Optional.java:orElseGet:364
        RegisteredServiceAccessStrategyAuditableEnforcer.java:execute:194
>

I switched to debug in log4j but can't find anything more.
Startup log:
05:22:12 INFO [o.a.c.c.CasConfigurationPropertiesValidator] - <Validated CAS property sources and configuration successfully.>
05:22:16 INFO [o.a.c.c.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[]] under profile(s) [[standalone]]>
05:22:16 INFO [o.a.c.c.CasConfigurationPropertiesValidator] - <Validated CAS property sources and configuration successfully.>
05:22:16 INFO [o.a.c.w.CasWebApplication] - <The following 1 profile is active: "standalone">
05:22:29 INFO [o.a.c.c.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST when the CAS server is restarted. Ideally for production, you should choose a storage option (JSON, JDBC, MongoDb, etc) to track service definitions.>
05:22:36 WARN [o.s.b.a.s.s.UserDetailsServiceAutoConfiguration] - <

Using generated security password: jkljljlk

This generated password is for development use only. Your security configuration must be updated before running your application in production.
>
05:22:37 INFO [o.s.s.w.a.c.ChannelProcessingFilter] - <Validated configuration attributes>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will secure any request with [org.springframework.security.web.access.channel.ChannelProcessingFilter@69069866, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@2f9addd4, org.springframework.web.filter.CorsFilter@1c43df76, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1d7c9811, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@ff2266c, org.springframework.security.web.access.ExceptionTranslationFilter@7757a37f, org.springframework.security.web.access.intercept.AuthorizationFilter@2335aef2]>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/login/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/logout/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/validate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/serviceValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/p3/serviceValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/proxyValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/p3/proxyValidate/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/proxy/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/webjars/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/js/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/css/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/images/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/static/**']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/error']>
05:22:37 INFO [o.s.s.w.DefaultSecurityFilterChain] - <Will not secure Ant [pattern='/favicon.ico']>
05:22:41 INFO [o.a.c.c.CasCoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST when the web server is restarted. This MAY impact SSO functionality.>
05:22:41 INFO [o.a.c.u.CoreTicketUtils] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.>
05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key>
05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Generated encryption key [jklhkjjk] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings:

        cas.tgc.crypto.encryption.key=jklhkjjk

>
05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key>

05:22:43 WARN [o.a.c.u.c.BaseStringCipherExecutor] - <Generated signing key [oQ30Tk3YNd_mYgu7um3kuIUFzPamDVkfSjdDVaEvhW6Wh1YhgqRNgwoYHh5eSJhyc8sTin7naLdaob4UARLseA] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings:

        cas.tgc.crypto.signing.key=oQ30Tk3YNd_mYgu7um3kuIUFzPamDVkfSjdDVaEvhW6Wh1YhgqRNgwoYHh5eSJhyc8sTin7naLdaob4UARLseA

>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Generated signing key [gBCy5m2niOKZMNmLE-_yVJFhBRK2mCw1diQZHcr16CRqAs7aMUxyLHo-zYWyFizksC_JVaq7tLjYw0SYlW9s5Q] of size [512]. The generated key MUST be added to CAS settings:

        cas.webflow.crypto.signing.key=gBCy5m2niOKZMNmLE-_yVJFhBRK2mCw1diQZHcr16CRqAs7aMUxyLHo-zYWyFizksC_JVaq7tLjYw0SYlW9s5Q

>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key>
05:22:43 WARN [o.a.c.u.c.BaseBinaryCipherExecutor] - <Generated encryption key [knHc-h7pqGrVVLbZYNXiuA] of size [16]. The generated key MUST be added to CAS settings:

        cas.webflow.crypto.encryption.key=knHc-h7pqGrVVLbZYNXiuA

>
05:22:45 WARN [o.a.c.c.s.a.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
05:22:45 WARN [o.a.c.c.s.a.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <


  ____ _____ ___  ____  _
 / ___|_   _/ _ \|  _ \| |
 \___ \ | || | | | |_) | |
  ___) || || |_| |  __/|_|
 |____/ |_| \___/|_|   (_)
                         

CAS is configured to accept a static list of credentials for authentication. While this is generally useful for demo purposes, it is STRONGLY recommended that you DISABLE this authentication method by setting 'cas.authn.accept.enabled=false' and switch to a mode that is more suitable for production.>
05:22:45 WARN [o.a.c.c.s.a.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
05:22:45 INFO [o.a.c.w.CasWebApplication] - <Started CasWebApplication in 33.514 seconds (JVM running for 37.949)>
05:22:45 INFO [o.a.c.s.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <


  ____  _____    _    ______   __
 |  _ \| ____|  / \  |  _ \ \ / /
 | |_) |  _|   / _ \ | | | \ V /
 |  _ <| |___ / ___ \| |_| || |  
 |_| \_\_____/_/   \_\____/ |_|  
                                 
>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <>
05:22:45 INFO [o.a.c.w.CasWebApplicationReady] - <Ready to process requests @ [2023-07-03T12:22:45.529Z]>
05:23:15 INFO [o.a.c.t.r.DefaultTicketRegistryCleaner] - <[0] expired tickets removed.>
05:23:40 INFO [o.a.i.a.s.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: {result=Service Access Denied, service=https://xxx.com/login.php}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Jul 03 12:23:40 UTC 2023
CLIENT IP ADDRESS: x.x.x.x
SERVER IP ADDRESS: x.x.x.x
=============================================================

>

Any help please?

Ray Bon

Jul 3, 2023, 4:58:59 PM
to cas-...@apereo.org
Jerome,

Your test service is not being loaded.

05:22:45 INFO [o.a.c.s.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>


Ray


Jerome Denechaud

Jul 4, 2023, 6:26:55 AM
to cas-...@apereo.org
Hello Ray

Thanks for your answer. So, I added:
cas.service-registry.json.location=file:/etc/cas/services

and moved cas.properties to /etc/cas/config:
00:06:00 INFO [o.a.c.c.DefaultCasConfigurationPropertiesSourceLocator] - <Configuration files found at [/etc/cas/config] are [[file [/etc/cas/config/cas.properties]]] under profile(s) [[standalone]]>
2023-07-04 07:06:00,785 INFO [org.apereo.cas.configuration.CasConfigurationPropertiesValidator] - <Validated CAS property sources and configuration successfully.>
2023-07-04 07:06:00,789 INFO [org.apereo.cas.web.CasWebApplication] - <The following 1 profile is active: "standalone">

but I still have:
2023-07-04 07:06:30,841 INFO [org.apereo.cas.services.AbstractServicesManager] - <Loaded [0] service(s) from [InMemoryServiceRegistry].>

Best




Ray Bon

Jul 4, 2023, 1:00:44 PM
to cas-...@apereo.org
Jerome,

Sorry, I should have also mentioned that you need to enable the JSON service registry (first link in my previous email). With your current config it is using the in memory service registry.
And remember to put your service file in the destination directory.

Ray
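The two things Ray points at (the service file has to be picked up by the JSON registry, and once loaded its serviceId pattern has to match the URL the application sends) can be checked offline before restarting CAS. The following Python checker is an added example, not code from the thread or from the CAS project: it takes a service definition like the test-1.json posted above, validates the file name against the <name>-<id>.json convention (an assumption about what the JSON registry expects; confirm it for your CAS version), compiles the serviceId regex, and then resolves a service URL such as https://xxx.com/login.php the way an empty or mismatched registry would, i.e. returning nothing, which is what surfaces as "Service Access Denied" in the audit trail. The second, tighter portal definition is constructed for comparison, and the find-style regex matching is my assumption about CAS behaviour.

```python
import json
import re

# Constructed sample: the definition from the thread, as /etc/cas/services/test-1.json.
SAMPLE_SERVICE_JSON = r"""{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" :  "^(https?)://.*",
  "name" : "test",
  "id" : 1,
  "evaluationOrder" : 1
}"""

# Constructed sample (hypothetical): a tighter definition that only matches one host.
# In JSON the regex dots are escaped as \\. so the decoded pattern is \.
SAMPLE_PORTAL_JSON = r"""{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "^https://portal\\.example\\.com/.*",
  "name" : "portal",
  "id" : 2,
  "evaluationOrder" : 0
}"""

REQUIRED_KEYS = ("@class", "serviceId", "name", "id")


def check_definition(filename, text):
    """Return a list of problems found in one JSON service definition.

    An empty list means the file parses, carries the keys CAS needs, is named
    the way the JSON registry expects, and has a compilable serviceId regex.
    """
    problems = []
    try:
        service = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"{filename}: invalid JSON ({exc})"]
    for key in REQUIRED_KEYS:
        if key not in service:
            problems.append(f"{filename}: missing required key '{key}'")
    if problems:
        return problems
    # Assumption: the JSON registry only loads files named <name>-<id>.json.
    expected = f"{service['name']}-{service['id']}.json"
    if filename != expected:
        problems.append(f"{filename}: file name should be {expected}")
    try:
        re.compile(service["serviceId"])
    except re.error as exc:
        problems.append(f"{filename}: serviceId is not a valid regex ({exc})")
    return problems


def load_definitions(*texts):
    """Parse several JSON definitions into dicts (stand-in for a loaded registry)."""
    return [json.loads(text) for text in texts]


def find_service(services, url):
    """Return the first definition whose serviceId matches url, by evaluationOrder.

    None means no registered service covers the URL, which is the situation
    behind "Service Access Denied" when the registry has loaded 0 services.
    Assumption: CAS applies the pattern find-style rather than full-match.
    """
    for service in sorted(services, key=lambda s: s.get("evaluationOrder", 0)):
        if re.search(service["serviceId"], url):
            return service
    return None


if __name__ == "__main__":
    for name, text in (("test-1.json", SAMPLE_SERVICE_JSON), ("test.json", SAMPLE_SERVICE_JSON)):
        print(name, "->", check_definition(name, text) or "ok")
    registry = load_definitions(SAMPLE_SERVICE_JSON, SAMPLE_PORTAL_JSON)
    for url in ("https://xxx.com/login.php", "https://portal.example.com/login", "ftp://xxx.com/"):
        hit = find_service(registry, url)
        print(url, "->", hit["name"] if hit else "Service Access Denied")
    print("empty registry ->", find_service([], "https://xxx.com/login.php"))
```

Run it against the real files in the directory named by cas.service-registry.json.location before restarting CAS; a definition that fails check_definition will not count toward the "Loaded [N] service(s)" line, and a URL for which find_service returns None will be refused even when the file loads.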

Pablo Vidaurri

Sep 21, 2023, 6:48:08 AM
to CAS Community, Ray Bon
What version of CAS are you on?

I'm trying v6.6.8 with a similar cas.authn.pac4j.oidc[0].azure config to the one you posted:
cas.authn.pac4j.oidc[0].azure.client-name=AZURE-AD-NEWCO  //set AD side to have redirect url of https://localhost:8443/cas/login?client_name=AZURE-AD-NEWCO

but I'm getting an "Invalid CORS request" on the redirect back to my CAS instance.

Looking at SAML tracer, I am getting a 403 (I have a wildcarded service defined):

HTTP/1.1 403
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers  

-psv