Oauth2.0 not redirecting back to app


Jens Hausherr

Sep 29, 2016, 10:28:17 AM
to CAS Community
Hi,

I am having some trouble getting my CAS Oauth2.0 Server to work.

I have set up everything as documented and I get to the login page on CAS. After successful login I am 'stranded' at the web login success page.

OAuth 2.0 should redirect the browser back to callback but does not do it. I suspect that this is due to some misconfiguration but Googling did not help yet.

Has anybody encountered this problem?

Thanks,
Jens

Jérôme LELEU

Sep 30, 2016, 2:12:06 AM
to Jens Hausherr, CAS Community
Hi,

Which CAS version do you use? Any error in your logs?

Thanks.
Best regards,
Jérôme


--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/82e37971-3e15-46f7-b905-12e67c03a68e%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Jens Hausherr

Sep 30, 2016, 4:22:07 AM
to Jérôme LELEU, CAS Community
Hi,

I am using 4.2.6 and there are no errors in the logs. 

The audit tells me that the authentication was successful and that the TGT has been created.
I am just not redirected back to http(s)://localhost:3000/callback?code=...

Here is the initial URL I redirect the browser to:


OAuth Service:
{
  "@class" : "org.jasig.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "...",
  "clientSecret": "...",
  "bypassApprovalPrompt": false,
  "serviceId" : "https?://localhost.*",
  "name" : "development key",
  "id" : 2505077379
}

Thanks for looking into it.

Best regards,
Jens


Jérôme LELEU

Sep 30, 2016, 11:47:39 AM
to Jens Hausherr, CAS Community
Hi,

Can you post your logs (in DEBUG on org.jasig) to see if it properly goes through the OAuth controller?

Thanks.
Best regards,
Jérôme



Luo

Oct 3, 2016, 4:13:15 AM
to CAS Community
I have the same problem.


Xavier Rodríguez

Oct 4, 2016, 6:26:19 AM
to CAS Community, jabb...@gmail.com
Hi,

I have the same problem. We have installed CAS-4.2.3 with the Client-OAuth 2 implementation, but we are not able to come back to the service-app.

When the user is authenticated in Server-OAuth it returns to the CAS-Server-client but it stops at the login page showing that the user is authenticated. It seems that the service (app) is lost at this point, and it doesn't return to the app.

We have defined in Pac4jContext:

    <bean id="caswrapper2" class="cat.dipta.pac4j.oauth.client.ValidCasOAuthWrapperClient">
        <property name="key" value="this_is_the_key2" />
        <property name="secret" value="this_is_the_secret2" />
        <property name="validUrlAuthorization" value="https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0" />
    </bean>
    
    <bean id="caswrapper3" class="org.pac4j.oauth.client.CasOAuthWrapperClient">
        <property name="key" value="this_is_the_key2" />
        <property name="secret" value="this_is_the_secret2" />
        <property name="casOAuthUrl" value="https://localhost:8444/cas-pac4j-oauth-server-demo/oauth2.0" />
    </bean>

When CAS receives the data from the OAuth server its log shows:

2016-10-03 16:32:27,999 DEBUG [org.jasig.cas.authentication.DefaultAuthenticationContextBuilder] - Building an authentication context for authentication org.jasig.cas.authentication.ImmutableAuthentication@75b86cb and service null

I understand that this service must have the URL of the client-app but it is null. Do we have to define some extra variable?

Best regards,

- Xavier -

Traces.txt

Jérôme LELEU

Oct 5, 2016, 4:43:05 AM
to Xavier Rodríguez, CAS Community, Jens Hausherr
Hi,

In the ClientAction, the service has been saved: 
2016-10-03 16:32:17,094 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - save service: https://localhost:8445/dipta-cas-client-test/j_spring_cas_security_check
But, indeed, the service is not retrieved during the authentication (thus no redirect back to the application):

2016-10-03 16:32:27,930 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: null

The service is saved into and restored from the web session: anything special in your case?

Thanks.
Best regards,
Jérôme




Marina Batet

Oct 5, 2016, 7:28:09 AM
to CAS Community, amg...@gmail.com, jabb...@gmail.com
Hi Jérôme and everyone, 

This is happening to me in CAS 4.2.3.

I'm trying it on localhost, with two CAS servers installed, one acting as the OAuth client (/cas) and the other as the OAuth server (/cas-pac4j-oauth-server-demo), and a test app (/test-client-app) that is acting as the client of the first CAS (the service). There are no Apaches nor rewrites in this scenario...

What I'm seeing is that before the login page is loaded in the browser, I have two calls to the "prepareForLoginPage" method. In the first call, the service is stored in the session OK. In the second call, the service is null (?) and the service attribute is overwritten in the session. Thereafter, when we try to retrieve the service after the OAuth delegation, etc., the service attribute is null.

I have put some more traces in the ClientAction class and compiled it in order to try to understand what is happening. I have attached the traces (just the ones before the login page), but basically, what is bugging me is:

2016-10-05 12:53:19,412 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] save service: https://localhost:8443/test-client-app/j_spring_cas_security_check
...
2016-10-05 12:53:22,880 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] save service: null

Why is this second call overwriting the service as null when it was previously stored? What am I doing wrong?

Thanks in advance for any response!


Best regards,

cas_traces_test.txt

Jérôme LELEU

Oct 5, 2016, 7:45:01 AM
to Marina Batet, CAS Community, Xavier Rodríguez, Jens Hausherr
Hi,

Indeed, the double call to prepareForLoginPage is the culprit. Is there any resource on your login page somehow calling the /login URL again?

Thanks.
Best regards,
Jérôme



Marina Batet

Oct 5, 2016, 8:50:52 AM
to CAS Community, mba...@gmail.com, amg...@gmail.com, jabb...@gmail.com
Hi Jérôme,

Thanks for your answer!

Yes, I tested it with Firebug and there are two calls to /cas/login. The first with the service URL and the second without.

The thing is, I have a custom theme defined for my service. If I use the default theme, then I have just one call and everything works fine.

But if I define a custom theme (which in itself just contains some images and a CSS file; it has no calls whatsoever), then I see two calls to /cas/login in Firebug.

And the culprit is the file WEB-INF/view/jsp/default/ui/includes/bottom.jsp:

<script type="text/javascript"
    src="<c:url value="${casJavascriptFile}" />"></script>

That is translated into:

<script type="text/javascript"
src="/cas/themes/mytheme/js/cas.js"></script>

As this file (/mytheme/js/cas.js) does not exist (in the default theme /cas/js/cas.js does exist), this call is redirected to /cas/login.

I copied the cas/js/cas.js file to my js theme directory and problem solved! Just one call to the method and the service is not null.

Thanks so much for your help, much appreciated! :-)



Xavier Rodríguez

Oct 5, 2016, 9:49:37 AM
to CAS Community, mba...@gmail.com, amg...@gmail.com, jabb...@gmail.com
Thanks Jérôme and Marina for your responses!

The problem is in the theme. As Marina says, I put the cas.js and it works perfectly!!! The redirect on the file not found causes the second call.

Thanks a lot++++++!!!!


Best regards,

- Xavier -
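
Added example (not part of the original thread and not CAS project code): a small check that scans CAS DEBUG output for the pattern diagnosed above, a saved service later overwritten by a null save, or a null retrieve after delegation. It assumes a single-session test log like the ones posted here, since these log lines carry no session id; the function name and sample log are hypothetical.

```python
import re

# ClientAction DEBUG lines as quoted in the thread. The optional "[method] "
# tag covers the extra traces one poster compiled into ClientAction.
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) DEBUG "
    r"\[org\.jasig\.cas\.support\.pac4j\.web\.flow\.ClientAction\] - "
    r"(?:\[\w+\] )?(?P<op>save|retrieve) service: (?P<value>\S+)"
)

# Constructed sample: the two "save" lines use the format and values quoted in
# the thread; the noise line and the final "retrieve" line are made up.
SAMPLE_LOG = """\
2016-10-05 12:53:19,412 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] save service: https://localhost:8443/test-client-app/j_spring_cas_security_check
2016-10-05 12:53:20,001 DEBUG [example.OtherLogger] - unrelated line
2016-10-05 12:53:22,880 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - [prepareForLoginPage] save service: null
2016-10-05 12:53:40,125 DEBUG [org.jasig.cas.support.pac4j.web.flow.ClientAction] - retrieve service: null
""".splitlines()


def find_lost_service(lines):
    """Return (timestamp, kind, service) findings for a single-session log."""
    findings = []
    current = None    # value the session holds right now
    last_good = None  # most recent non-null service that was saved
    for line in lines:
        m = LINE.match(line.strip())
        if m is None:
            continue
        value = None if m["value"] == "null" else m["value"]
        if m["op"] == "save":
            if value is None and current is not None:
                # A later /login hit without ?service= wiped the stored one.
                findings.append((m["ts"], "overwritten-with-null", current))
            current = value
            last_good = value or last_good
        elif value is None:
            findings.append((m["ts"], "retrieved-null", last_good))
    return findings


if __name__ == "__main__":
    for ts, kind, service in find_lost_service(SAMPLE_LOG):
        print(f"{ts}  {kind}  (service was: {service})")
```

An "overwritten-with-null" finding points at a second request to /login made while the login page was loading, which is where a missing theme resource such as cas.js shows up.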
