How to make CAS 6.1 work with Azure AD?

Александр Бруквин

unread,

Nov 14, 2019, 2:45:16 AM11/14/19

to CAS Community

I try to make CAS 6.1 work with Azure AD

1. I added compile "org.apereo.cas:cas-server-support-pac4j-webflow:${casServerVersion}" dependency to build.gradle and all settings related with azure to cas.properties file

Logs says „No delegated authentication clients are defined and/or configured“ and authentication fails.

What am i doing wrong?

The attached files are the logs, cas.properties, build.gradle and screenshot of authentication attempt

result.PNG

cas.properties

build.gradle

logs.txt

Andy Ng

unread,

Nov 14, 2019, 5:01:56 AM11/14/19

to CAS Community

Hi,

Your method of declaring the property for azure part would not work, see this:

cas.properties (this would not work)

configurationKey=cas.authn.pac4j.oidc[0].azure

${configurationKey}.id=OUR_ID

${configurationKey}.secret=OUR_SECRET

${configurationKey}.principalAttributeId=

..........................

You should be instead, doing something like this:

cas.properties (this should work)

cas.authn.pac4j.oidc[0].azure.id=OUR_ID

cas.authn.pac4j.oidc[0].azure.secret=OUR_SECRET

cas.authn.pac4j.oidc[0].azure.principalAttributeId=

..........................

Also, you probably don't want to add all properties for Azure into your cas.properties, consider removing some of the properties which probably is not necessary

That means, instead of listing all of the cas.properties, you probably can make do with the following azure properties Not tested:

cas.authn.pac4j.oidc[0].azure.discoveryUri=

cas.authn.pac4j.oidc[0].azure.logoutUrl=

cas.authn.pac4j.oidc[0].azure.scope=openid

cas.authn.pac4j.oidc[0].azure.id=OUR_ID

cas.authn.pac4j.oidc[0].azure.secret=SECRET

See if the above info helps...

Cheers!

- Andy

Александр Бруквин

unread,

Nov 15, 2019, 3:54:56 AM11/15/19

to CAS Community

Thank you for replying.

Azure Authentication working now.

How can I remove username and password login form from CAS?

I added this properties to cas.properties file, but username and password login form still remains

cas.authn.accept.users=

cas.authn.accept.name=

cas.authn.accept.credentialCriteria=

четверг, 14 ноября 2019 г., 12:01:56 UTC+2 пользователь Andy Ng написал:

Capture.PNG

Andy Ng

unread,

Nov 15, 2019, 6:10:48 AM11/15/19

to CAS Community

hi,

https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties-Common.html#delegated-authentication-settings

please try autoredirect=true for your azure config.

-Andy

vallee.romain

unread,

Nov 17, 2019, 5:40:49 AM11/17/19

to CAS Community

Hello,

I'm taking advantage of this discussion to know if it's possible to retrieve attributes of a person on "Azure"?

Can we mix an authentication "AD" and "Azure"? I mean by that, if a person is not known on the "AD" that "Jasig" is looking for on AZURE.

Thank you very much.

Andy Ng

unread,

Nov 17, 2019, 8:40:41 PM11/17/19

to CAS Community

Hi vallee.romain,

Would be the best if you can make it a separate post, since your question seems quite different then the one from OP.

Also, would be the best if you can elaborate on your question, what do you mean by "Jasig"? Are you asking 2 question or are those related? Some example given would be the best.

Cheers!

- Andy

vallee.romain

unread,

Nov 18, 2019, 6:22:54 AM11/18/19

to CAS Community

Hello Andy,

i'm sorry if my english is so bad . So i will try to make my question more understandable .

my first question :

Do you think that CAS server can retrieve attributes from azure users ?

My second question :

Is Cas server can mix to auth methode like AD and Azure ? exemple :

if my ad user exist, cas server return true

if my ad user doesn't exist, my cas server can look if this user exist into AZURE ?

Best regards

My second question is

Anmol Budhewar

unread,

Nov 18, 2019, 6:52:58 AM11/18/19

to cas-...@apereo.org

Hello thank you such reply but can you give idea about maven because I am doing in Maven project so Gradle can't solve my problem

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/39bc30f3-20cc-4551-a7e8-0946fd98e08b%40apereo.org.

Andy Ng

unread,

Nov 18, 2019, 9:18:25 AM11/18/19

to CAS Community

Hi Anmol Budhewar,

I think there is some problem with your mail, your mail appear in discussion post what was different from your question.

Please go to https://groups.google.com/a/apereo.org/forum/#!forum/cas-user, click "New Topic" and submit your question that way.

- Andy

Andy Ng

unread,

Nov 18, 2019, 9:24:56 AM11/18/19

to CAS Community

Hi vallee.romain,

No problem on the english, but please make a separate post for your question.

Go to https://groups.google.com/a/apereo.org/forum/#!forum/cas-user, click on "New Topic", and write your question.

- Andy

Reply all

Reply to author

Forward