Upgrade from 6.2 to 6.5 delegated to AzureAD issue

13 views
Skip to first unread message

Isan S

unread,
Aug 4, 2022, 10:54:11 PMAug 4
to CAS Community

We are having issue with the upgrade from 6.2 to 6.5.6 when accessing cas login url it show ERROR on the log. I can login to Azure AD and it redirected back to client application so login functionality seems working. We enabled json service registration, hazelcast, ldap, delegae authentication and surrogate. Does anyone know if I miss something on the configuration?
Then I tested with lower version 6.4.6.4, there is no error on the log. So I suspect the issue is related to 6.5.x version
DEBUG [org.apereo.cas.support.pac4j.RefreshableDelegatedClients] - <The following clients are built: [[#AzureAdClient# | name: azuread | callbackUrl: <redacted> | callbackUrlResolver: org.pac4j.core.http.callback.PathParameterCallbackUrlResolver@4c55e89c | ajaxRequestResolver: null | redirectionActionBuilder: null | credentialsExtractor: null | authenticator: null | profileCreator: org.pac4j.core.profile.creator.AuthenticatorProfileCreator@4399e4b0 | logoutActionBuilder: org.pac4j.core.logout.NoLogoutActionBuilder@7f4e4a70 | authorizationGenerators: [] | configuration: #AzureAdOidcConfiguration# | clientId: <redacted> | secret: [protected] | discoveryURI: <redacted> | scope: null | customParams: {} | clientAuthenticationMethod: null | useNonce: false | preferredJwsAlgorithm: null | maxAge: null | maxClockSkew: 5 | connectTimeout: 5000 | readTimeout: 5000 | resourceRetriever: null | responseType: code | responseMode: null | logoutUrl: <redacted> | withState: true | stateGenerator: org.pac4j.core.util.generator.RandomValueGenerator@57cd438c | logoutHandler: null | tokenValidator: null | mappedClaims: {} | allowUnsignedIdTokens: false | |]]>

log from 6.5.6
ERROR [org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer] - <Cannot process client [#AzureAdClient# | name: azuread | callbackUrl: <redacted> | callbackUrlResolver: org.pac4j.core.http.callback.PathParameterCallbackUrlResolver@bd9bac8 | ajaxRequestResolver: org.pac4j.core.http.ajax.DefaultAjaxRequestResolver@6f98b639 | redirectionActionBuilder: org.pac4j.oidc.redirect.OidcRedirectionActionBuilder@10266771 | credentialsExtractor: org.pac4j.oidc.credentials.extractor.OidcExtractor@7d10cf80 | authenticator: org.pac4j.oidc.credentials.authenticator.OidcAuthenticator@16913ae | profileCreator: org.pac4j.oidc.profile.azuread.AzureAdProfileCreator@2bea44c4 | logoutActionBuilder: org.pac4j.oidc.logout.OidcLogoutActionBuilder@854a327 | authorizationGenerators: [] | configuration: #AzureAdOidcConfiguration# | clientId: <redacted> | secret: [protected] | discoveryURI: <redacted> | scope: null | customParams: {} | clientAuthenticationMethod: null | useNonce: false | preferredJwsAlgorithm: null | maxAge: null | maxClockSkew: 5 | connectTimeout: 5000 | readTimeout: 5000 | resourceRetriever: org.pac4j.oidc.client.azuread.AzureAdResourceRetriever@73c30162 | responseType: code | responseMode: null | logoutUrl: <url redacted> | withState: true | stateGenerator: org.pac4j.core.util.generator.RandomValueGenerator@24c6b371 | logoutHandler: #DefaultLogoutHandler# | store: #GuavaStore# | size: 10000 | timeout: 30 | timeUnit: MINUTES | | destroySession: false | | tokenValidator: null | mappedClaims: {} | allowUnsignedIdTokens: false | |]>
2022-08-05 10:42:56,976 ERROR [org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer] - <NullPointerException>
java.lang.NullPointerException: null
    at org.apereo.cas.pac4j.client.DefaultDelegatedClientIdentityProviderRedirectionStrategy.getPrimaryDelegatedAuthenticationProvider(DefaultDelegatedClientIdentityProviderRedirectionStrategy.java:51) ~[cas-server-support-pac4j-core-6.5.6.jar:6.5.6]
    at org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy.lambda$getPrimaryDelegatedAuthenticationProvider$0(ChainingDelegatedClientIdentityProviderRedirectionStrategy.java:39) ~[cas-server-support-pac4j-core-6.5.6.jar:6.5.6]
    at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
    at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1631) ~[?:?]
    at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:127) ~[?:?]
    at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:502) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:488) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
    at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:150) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:543) ~[?:?]
    at org.apereo.cas.pac4j.client.ChainingDelegatedClientIdentityProviderRedirectionStrategy.getPrimaryDelegatedAuthenticationProvider(ChainingDelegatedClientIdentityProviderRedirectionStrategy.java:42) ~[cas-server-support-pac4j-core-6.5.6.jar:6.5.6]
    at org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer.lambda$produce$2(DefaultDelegatedClientIdentityProviderConfigurationProducer.java:74) ~[cas-server-support-pac4j-webflow-6.5.6.jar:6.5.6]
    at java.util.Optional.ifPresent(Optional.java:183) ~[?:?]
    at org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer.lambda$produce$3(DefaultDelegatedClientIdentityProviderConfigurationProducer.java:72) ~[cas-server-support-pac4j-webflow-6.5.6.jar:6.5.6]
    at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:183) ~[?:?]
    at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195) ~[?:?]
    at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:177) ~[?:?]
    at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1654) ~[?:?]
    at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
    at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
    at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:150) ~[?:?]
    at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:173) ~[?:?]
    at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
    at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:497) ~[?:?]
    at org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer.produce(DefaultDelegatedClientIdentityProviderConfigurationProducer.java:69) ~[cas-server-support-pac4j-webflow-6.5.6.jar:6.5.6]
    at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.produceDelegatedAuthenticationClientsForContext(DelegatedClientAuthenticationAction.java:184) ~[cas-server-support-pac4j-webflow-6.5.6.jar:6.5.6]
    at org.apereo.cas.web.flow.DelegatedClientAuthenticationAction.doExecute(DelegatedClientAuthenticationAction.java:151) ~[cas-server-support-pac4j-webflow-6.5.6.jar:6.5.6]
    at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.engine.State.enter(State.java:194) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.engine.Flow.start(Flow.java:527) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:139) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:264) ~[spring-webflow-2.5.1.RELEASE.jar:2.5.1.RELEASE]
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067) ~[spring-webmvc-5.3.19.jar:5.3.19]
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963) ~[spring-webmvc-5.3.19.jar:5.3.19]
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) ~[spring-webmvc-5.3.19.jar:5.3.19]
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898) ~[spring-webmvc-5.3.19.jar:5.3.19]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) ~[servlet-api.jar:?]
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) ~[spring-webmvc-5.3.19.jar:5.3.19]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) ~[servlet-api.jar:?]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) ~[tomcat-websocket.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apereo.cas.web.support.AuthenticationCredentialsThreadLocalBinderClearingFilter.doFilter(AuthenticationCredentialsThreadLocalBinderClearingFilter.java:28) ~[cas-server-core-web-api-6.5.6.jar:6.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apereo.cas.web.support.filters.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:401) ~[cas-server-core-web-api-6.5.6.jar:6.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apereo.cas.web.support.filters.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:200) ~[cas-server-core-web-api-6.5.6.jar:6.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apereo.cas.web.support.filters.AddResponseHeadersFilter.doFilter(AddResponseHeadersFilter.java:62) ~[cas-server-core-web-api-6.5.6.jar:6.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:204) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.debug.DebugFilter.invokeWithWrappedRequest(DebugFilter.java:90) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:78) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.security.web.debug.DebugFilter.doFilter(DebugFilter.java:67) ~[spring-security-web-5.6.1.jar:5.6.1]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.19.jar:5.3.19]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96) ~[spring-boot-actuator-2.6.3.jar:2.6.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:104) ~[cas-server-core-logging-6.5.6.jar:6.5.6]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66) ~[inspektr-common-1.8.17.GA.jar:1.8.17.GA]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:126) ~[spring-boot-2.6.3.jar:2.6.3]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter.access$000(ErrorPageFilter.java:64) ~[spring-boot-2.6.3.jar:2.6.3]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:101) ~[spring-boot-2.6.3.jar:2.6.3]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.boot.web.servlet.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:119) ~[spring-boot-2.6.3.jar:2.6.3]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.19.jar:5.3.19]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) ~[log4j-web-2.17.1.jar:2.17.1]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) ~[catalina.jar:9.0.29]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) ~[catalina.jar:9.0.29]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) ~[catalina.jar:9.0.29]
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) ~[catalina.jar:9.0.29]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[catalina.jar:9.0.29]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) ~[catalina.jar:9.0.29]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367) ~[tomcat-coyote.jar:9.0.29]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) ~[tomcat-coyote.jar:9.0.29]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860) ~[tomcat-coyote.jar:9.0.29]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1591) ~[tomcat-coyote.jar:9.0.29]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-coyote.jar:9.0.29]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-util.jar:9.0.29]
    at java.lang.Thread.run(Thread.java:834) [?:?]

snippets from cas properties related to azure AD configuration:
cas.authn.pac4j.oidc[0].azure.tenant=<redacted>
cas.authn.pac4j.oidc[0].azure.discovery-uri=<redacted>
cas.authn.pac4j.oidc[0].azure.client-name=azuread
cas.authn.pac4j.oidc[0].azure.id=<redacted>
cas.authn.pac4j.oidc[0].azure.secret=<redacted>
cas.authn.pac4j.oidc[0].azure.auto-redirect=false
cas.authn.pac4j.oidc[0].azure.principal-attribute-id=onpremisessamaccountname
cas.authn.pac4j.oidc[0].azure.callback-url-type=PATH_PARAMETER
cas.authn.pac4j.oidc[0].azure.logout-url=<redacted>

I have tried to add other attributes available related to Azure but it is still showing error.

sample of json service registry
{
  "@class":"org.apereo.cas.services.RegexRegisteredService",
  "serviceId":"<redacted>",
  "name" :"myApplication",
  "id": 1,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "logoutType" : "FRONT_CHANNEL",
  "logoutUrl" : "<redacted>",
  "accessStrategy": {
    "@class" :"org.apereo.cas.services.SurrogateRegisteredServiceAccessStrategy",
    "surrogateEnabled" : true,
    "enabled" : true,
    "ssoEnabled" : true,
  }
}
I also try to add on json file but no luck
    "delegatedAuthenticationPolicy" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
      "allowedProviders" : [ "java.util.ArrayList", [ "azuread" ] ],
      "permitUndefined": true,
      "exclusive": false
    }

Reply all
Reply to author
Forward
0 new messages