CAS 7.0.0-RC4 Pac4j Azure not working


Colin Wilkinson

Feb 15, 2023, 12:18:52 AM
to CAS Community
Hi,

I am just testing out configuration against CAS 7.0.0-RC4. The configuration is currently deployed to our dev server against CAS 6.6.x, where it is working fine.

But when I go to run against CAS 7.0.0.RC4 I get,

Caused by: java.net.URISyntaxException: Illegal character in path at index 34: https://login.microsoftonline.com/{tenantid}/v2.0

I have attached the full stack trace.

cas700rc4error.txt

Jérôme LELEU

Feb 16, 2023, 1:56:46 AM
to cas-...@apereo.org
Hi,

What is your related CAS delegated authn configuration?

Remove any sensitive information!

Thanks.
Best regards,
Jérôme



Colin Wilkinson

Feb 16, 2023, 10:17:28 PM
to CAS Community, leleuj
Hi Jérôme,

I am happy to post the configuration if required, but I think you have a slight error in CAS causing the tenant id to get lost.

In "BaseDelegatedClientFactory.java" you have the "getOidcClientFrom" method, which has the following for Azure:

        if (clientProperties.getAzure().isEnabled() && StringUtils.isNotBlank(clientProperties.getAzure().getId())) {
            LOGGER.debug("Building OpenID Connect client for Azure AD...");
            val azure = getOidcConfigurationForClient(clientProperties.getAzure(), AzureAd2OidcConfiguration.class);
            azure.setTenant(clientProperties.getAzure().getTenant());
            val cfg = new AzureAd2OidcConfiguration(azure);
            val azureClient = new AzureAd2Client(cfg);
            configureClient(azureClient, clientProperties.getAzure(), casProperties);
            return azureClient;
        }

Highlighted in bold is what I think the issue is as when I inspected the "AzureAd2OidcConfiguration" the constructor does set the tenant and this is causing the tenant to get lost.

I have some custom changes to set the login_hint for Azure when using the dynamic lookup. I added extra code to test if changing it to the below worked, and it proceeded to Microsoft, but I got another error after it came back. I will post that error in another message.

        if (clientProperties.getAzure().isEnabled() && StringUtils.isNotBlank(clientProperties.getAzure().getId())) {
            LOGGER.debug("Building OpenID Connect client for Azure AD...");
            val cfg = getOidcConfigurationForClient(clientProperties.getAzure(), AzureAd2OidcConfiguration.class);
            cfg.setTenant(clientProperties.getAzure().getTenant());
            val azureClient = new AzureAd2Client(cfg);
            configureClient(azureClient, clientProperties.getAzure(), casProperties);
            return azureClient;
        }

Thanks.
Regards,
Colin
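
A self-contained model of the failure mode discussed in the post above, added here as an example; it is not CAS or pac4j code. `TenantConfig`, `issuer()` and `checkedIssuer()` are hypothetical names, and the assumption is that the `{tenantid}` placeholder is only substituted when a tenant is set. It shows a copy constructor dropping the tenant, the resulting `URISyntaxException` at index 34, and a fail-fast check that reports the misconfiguration directly.

```java
import java.net.URI;
import java.net.URISyntaxException;
// Hypothetical stand-in for an OIDC configuration class; not pac4j or CAS code.
public class TenantCopyDemo {
    static final String TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0";

    static class TenantConfig {
        String clientId;
        String tenant;
        TenantConfig() {}
        // Copy constructor that forgets one field (the defect being modelled).
        TenantConfig(TenantConfig other) {
            this.clientId = other.clientId;
            // this.tenant = other.tenant;  // missing: tenant is silently dropped
        }
        // Assumption: the placeholder is only substituted when a tenant is set.
        String issuer() {
            return tenant == null ? TEMPLATE : TEMPLATE.replace("{tenantid}", tenant);
        }
    }

    // Fail fast with a configuration error instead of a low-level URI parse error.
    static URI checkedIssuer(TenantConfig cfg) {
        String issuer = cfg.issuer();
        if (issuer.contains("{") || issuer.contains("}")) {
            throw new IllegalStateException("Unresolved placeholder in issuer: " + issuer);
        }
        return URI.create(issuer);
    }

    public static void main(String[] args) {
        TenantConfig original = new TenantConfig();
        original.clientId = "constructed-client-id"; // constructed sample value
        original.tenant = "constructed-tenant";      // constructed sample value

        TenantConfig copy = new TenantConfig(original);
        System.out.println("original: " + checkedIssuer(original));
        try {
            new URI(copy.issuer());                  // java.net.URI rejects the '{'
        } catch (URISyntaxException e) {
            System.out.println("copy:     " + e.getMessage()); // index 34 is the '{'
        }
        try {
            checkedIssuer(copy);
        } catch (IllegalStateException e) {
            System.out.println("guarded:  " + e.getMessage());
        }
    }
}
```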

CAS Community

Feb 21, 2023, 1:41:30 AM
to CAS Community, wilc...@gmail.com, leleuj
Hi,

Can you test with CAS 7.0.0-RC4 and pac4j v6.0.0-RC6-SNAPSHOT (pull pac4j-core and pac4j-oidc in version 6.0.0-RC6-SNAPSHOT and exclude the same dependencies in v6.0.0-RC5).
Thanks.
Best regards,
Jérôme


Colin Wilkinson

Feb 23, 2023, 12:56:38 AM
to CAS Community, CAS Community, Colin Wilkinson, leleuj
Hi Jérôme,

Worked like a charm.

Regards,
Colin
