{
  "@class": "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "keycloak-sdr-oidc",
  "clientSecret": "<secret>",
  "serviceId": "<keycloak-url>/broker/cas-server-lab-oidc/endpoint",
  "name": "Keycloak",
  "id": 1008
}
I've configured CAS as an IDP using the Keycloak GUI, passing the /oidc/.well-known URL, which is working, and Keycloak autoconfigures itself; I just needed to input the clientSecret key. The serviceId configured above is the redirect URI Keycloak gives.
Authenticating with Keycloak and clicking on the CAS provider button, I get the following URL:
<cas-url>/oidc/authorize?scope=openid&state=0qSqbtCYF_DWyzLXRyiZldn2uP64J6esXeiP6UlVfNw.guRTVBHiRKw.sample-client&response_type=code&client_id=keycloak-sdr-oidc&redirect_uri=<keycloak-redirect-uri-encoded>&nonce=372Y_32lOgVg5IQDmna_mA
This gives me only the Service Not Authorized CAS page.
CAS log shows this:
I'm pretty sure my service is being loaded; I get these log messages (I use the git service registry).
Any hints would be appreciated, thanks in advance.