CAS 5.3.x: delegated Authentication with ID_TOKEN


Ulrich Mayring

Nov 26, 2020, 10:11:59 AM
to CAS Community
Hello,

I have implemented delegated authentication to Azure Active Directory as detailed in https://apereo.github.io/cas/5.3.x/integration/Delegate-Authentication.html

If I configure the responseType "code" (or none at all - "code" is the default), then everything works perfectly. However, when I configure "id_token" like this:

cas.authn.pac4j.oidc[0].responseType=id_token
cas.authn.pac4j.oidc[0].useNonce=true

then the series of redirects within CAS after successful authentication to Azure breaks at one point, where the following redirect URI is generated by CAS:

https://mydomain.com/cas/login?null=&client_name=My_Azure_ClientName

In place of "null" there should actually be this parameter:

id_token=eyJ0eXAiOiJKV....

If I put this parameter into the URI manually, then the redirection flow succeeds and CAS authenticates as expected. Also, if I use the "code" responseType, then in place of that "null" there is the expected "code=0.ATAAHe5MXM..." parameter in the URI.

Is this a bug in CAS or did I perhaps forget to configure something?

Kind regards,

Ulrich
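An added example, not code from the post above or from CAS/pac4j: a small Python diagnostic that, given the callback URL CAS generates, reports whether it carries the parameter the configured responseType requires ("code" or "id_token") and flags the "null=" symptom described above; for id_token with useNonce it also compares the token's nonce claim with the one sent in the request. The URLs, nonce value and id_token are constructed, and the token is decoded without any signature check, so this is a troubleshooting aid only.

```python
"""Diagnostic check for a CAS/pac4j delegated-authentication callback URL.
Constructed example: not CAS or pac4j code."""
import base64
import json
from urllib.parse import parse_qsl, urlparse

# pac4j responseType -> parameter the IdP must hand back on the callback.
EXPECTED_PARAM = {"code": "code", "id_token": "id_token"}


def check_callback(url, response_type, expected_nonce=None):
    """Return a list of findings; an empty list means the callback URL
    carries what the configured responseType needs."""
    findings = []
    # keep_blank_values=True so the broken 'null=' (empty value) still shows up
    params = dict(parse_qsl(urlparse(url).query, keep_blank_values=True))
    expected = EXPECTED_PARAM[response_type]
    if "null" in params:
        findings.append("parameter name 'null': the token/code was never copied into the URL")
    if not params.get(expected):
        findings.append(f"missing '{expected}' parameter for responseType={response_type}")
    elif response_type == "id_token" and expected_nonce is not None:
        claims = unverified_claims(params[expected])
        if claims.get("nonce") != expected_nonce:
            findings.append("id_token nonce does not match the nonce sent in the request")
    return findings


def unverified_claims(jwt):
    """Decode only the JWT payload (no signature verification): diagnostic use."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def sample_jwt(claims):
    """Build an unsigned, constructed JWT so the check can run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed callback URLs mirroring the symptom in the post.
BROKEN_URL = "https://mydomain.com/cas/login?null=&client_name=My_Azure_ClientName"
GOOD_URL = ("https://mydomain.com/cas/login?id_token="
            + sample_jwt({"sub": "user@example.org", "nonce": "nonce-123"})
            + "&client_name=My_Azure_ClientName")
CODE_URL = "https://mydomain.com/cas/login?code=0.ATAAHe5MXM&client_name=My_Azure_ClientName"

if __name__ == "__main__":
    for u in (BROKEN_URL, GOOD_URL, CODE_URL):
        print(u[:60], "->", check_callback(u, "id_token" if "id_token" in u or "null" in u else "code", "nonce-123"))
```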
