How to specify redirect_uri for CAS 6 Delegation to Azure AD OIDC

bottlecheck

unread,

May 1, 2019, 7:46:21 AM5/1/19

to CAS Community

Hello,

Is anyone delegating CAS authentication to Azure AD? I am attempting to delegate CAS authentication to Azure AD / OpenId Connect using the pac4j-webflow support library.

I cannot seem to find a parameter that allows me to specify the redirect_uri. CAS redirects correctly to microsoftonline for authentication, but microsoftonline will not redirect back to CAS due to the following error: "The reply url specified in the request does not match the reply urls configured for the application". The redirect_uri received by microsoftonline is https://cas.example.org:8443/cas/login/cas

I tried to specify it using customParams.redirectUri, but this did not work. I cannot seem to find anything on the mailing list, so I'm probably missing something really basic.

Here is my config so far:

cas.authn.pac4j.oidc[0].azure.id=xxxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.secret=xxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.clientName=cas
cas.authn.pac4j.oidc[0].azure.autoRedirect=true
cas.authn.pac4j.oidc[0].azure.tenant=xxxxxxxxxxx
cas.authn.pac4j.oidc[0].azure.scope=openid,email,profile

cas.authn.pac4j.oidc[0].azure.customParams.redirectUri=https://app.mydomain.com

Any help at all would be much appreciated!

Thanks

bottlecheck

unread,

May 1, 2019, 10:13:43 AM5/1/19

to CAS Community

Indeed it was something extremely basic, I had forgotten to set the CAS server name and prefix. Remember to set:

cas.server.name=https://cas.mydomain.com
cas.server.prefix=https://cas.mydomain.com/cas

Thank you again for a great product!

BColly

unread,

Dec 20, 2019, 12:57:23 PM12/20/19

to CAS Community, m...@bharatreddy.com

Hi bottlecheck,

After you set your cas.server.name and cas.server.prefix, what did you end up setting as the "redirect_uri" in Azure AD configuration?

Thanks in advance for your help

BColly

unread,

Dec 20, 2019, 3:30:09 PM12/20/19

to CAS Community, m...@bharatreddy.com

I resolved this myself by looking closer at what you posted, when specifying "redirect_uri" in Azure AD for OpenID Connect (OIDC).

The redirect_uri should be:

https://cas.mydomain.com/cas/login/clientName

where clientName is the property specified at "cas.authn.pac4j.oidc[0].azure.clientName="

Thank you for posting this and your response, it helped me get this figured out.

Best

Sean Day

unread,

Jan 27, 2020, 9:54:03 AM1/27/20

to CAS Community, m...@bharatreddy.com, bryant....@gmail.com

Hi,

I am trying to get OIDC delegated authentication working as well, it seems to be almost there, I get redirected to Azure AD, sign in then when taken back to the CAS server I end up on a 404 error:

My CAS url is similar to:

https://cas.domain.com/cas/login

After redirect I get to:

https://cas.domain.com/login?code=

It seems the /cas/ is removed from the URL.

My properties are:

cas.authn.pac4j.oidc[0].azure.id=xxxx

cas.authn.pac4j.oidc[0].azure.secret=xxxx

cas.authn.pac4j.oidc[0].azure.clientName=cas

cas.authn.pac4j.oidc[0].azure.autoRedirect=true

cas.authn.pac4j.oidc[0].azure.tenant=xxxx

cas.authn.pac4j.oidc[0].azure.scope=openid,email,profile

cas.authn.pac4j.oidc[0].azure.customParams.redirectUri=https://cas.domain.com

Did you get any similar problems or does anyone know what I am missing?

Thanks

Sean

Reply all

Reply to author

Forward

Message has been deleted