Hi,

Here is the check:
https://github.com/apereo/cas/blob/master/support/cas-server-support-oauth/src/main/java/org/apereo/cas/support/oauth/validator/OAuth20Validator.java#L78

Can you debug it to see what's going on?

Thanks.
Best regards,
Jérôme


2016-12-14 17:13 GMT+01:00 Todd Pratt <[email protected]>:

> Hi Jérôme,
>
> I've tried several values for serviceId and can't find one that will work.
> I get the same error each time.  I need it to redirect back to
> http://localhost:8080/oauth_client.  Could you please tell me what I'm
> doing wrong with the following?
>
> {
>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>   "clientId": "fb3s86QV9QKl",
>   "clientSecret": "VgWn3ysT24gZo66K",
>   "serviceId" : "^http://localhost:8080/oauth_client",
>   "signIdToken": "false",
>   "name": "OIDC",
>   "id": 1000,
>   "evaluationOrder": 100
> }
>
>
>
> Thank you,
> Todd
>
>
> On Wednesday, December 14, 2016 at 3:04:12 AM UTC-5, leleuj wrote:
>>
>> Hi,
>>
>> Sure. This error happens when you have not properly configured the
>> serviceId of the Oidc service: it must match the redirectUri.
>>
>> See the documentation:
>> https://apereo.github.io/cas/5.0.x/installation/OIDC-Authentication.html
>>
>>
>> {
>>   "@class" : "org.apereo.cas.services.OidcRegisteredService",
>>   "clientId": "client",
>>   "clientSecret": "secret",
>>   "serviceId" : "^<https://the-redirect-uri>",
>>   "signIdToken": true,
>>   "name": "OIDC",
>>   "id": 1000,
>>   "evaluationOrder": 100,
>>   "jwks": "..."}
>>
>>
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> 2016-12-13 21:12 GMT+01:00 Misagh Moayyed <[email protected]>:
>>
>>> Feel free to submit an issue. Jérôme might have a few ideas. It would
>>> also be helpful if you could pack your client into a shape that can be
>>> tested and run by someone else. If you do [and you should], reference its
>>> location in the issue.
>>>
>>>
>>>
>>> --Misagh
>>>
>>>
>>>
>>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Todd
>>> Pratt
>>> *Sent:* Tuesday, December 13, 2016 11:21 AM
>>> *To:* CAS Community <[email protected]>
>>> *Subject:* [cas-user] Re: Authorize request verification fails with
>>> OAuth and CAS 5.0.x
>>>
>>>
>>>
>>> The authorization url that is generated is
>>>
>>>
>>>
>>> https://cas.mydomain.com:8443/cas/oauth2.0/authorize/?client_id=fb3s86QV9QKl&redirect_uri=http://localhost:8080/oauth_client&response_type=code&scope=openid
>>>
>>>
>>>
>>>
>>> On Monday, December 12, 2016 at 4:51:17 PM UTC-5, Todd Pratt wrote:
>>>
>>> Hi,
>>>
>>>
>>>
>>> I'm trying to set up OpenID/OAuth2 on CAS 5.0.x using the war overlay
>>> template.  I included three dependencies: cas-server-support-oidc,
>>> cas-server-support-ldap and cas-server-support-json-service-registry.
>>> I built the management webapp using that overlay template and I
>>> successfully logged into the management app using the ldap authentication
>>> I set up.  Now I'm trying to set up a service provider for OpenID/OAuth2
>>> and I keep getting an error page with my test application that says
>>> "Application Not Authorized to use CAS" instead of redirecting to the
>>> login page.  I've used this test client with other servers and it seems
>>> to work.  I enabled debugging and, looking through the code, it looks like
>>> it found the provider I defined but then it fails at
>>> OAuth20AuthorizeController.isRequestAuthenticated(), which returns false.
>>> The method isRequestAuthenticated() seems to look for a profile in the
>>> session which isn't there.  Is there something I'm missing?  Below is the
>>> portion of the log.
>>>
>>>
>>>
>>>
>>>
>>> 2016-12-12 13:09:40,226 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <client_id: fb3s86QV9QKl>
>>>
>>> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <redirect_uri: http://localhost:8080/oauth_client>
>>>
>>> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <response_type: code>
>>>
>>> 2016-12-12 13:09:40,227 DEBUG [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Response type: code>
>>>
>>> 2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Check registered service: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false]>
>>>
>>> 2016-12-12 13:09:40,228 DEBUG [org.apereo.cas.support.oauth.validator.OAuthValidator] - <Found: org.apereo.cas.services.OidcRegisteredService@66d09fb6[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@2027a3cc[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseProxyGrantingTicket=false],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@f9e67c0[enabled=true,ssoEnabled=true,requireAllAttributes=false,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@2e202d9f,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@6dd174aa[multifactorAuthenticationProviders=[],failureMode=CLOSED,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,clientId=fb3s86QV9QKl,approvalPrompt=false,generateRefreshToken=false,jsonFormat=false,jwks=<null>,signIdToken=false] vs redirectUri: http://localhost:8080/oauth_client>
>>>
>>> 2016-12-12 13:09:40,228 ERROR [org.apereo.cas.support.oauth.web.OAuth20AuthorizeController] - <Authorize request verification fails>
>>>
>>>
>>>
>>>
>>>
>>> Thanks in advance for any help.
>>>
>>> --
>>> - CAS gitter chatroom: https://gitter.im/apereo/cas
>>> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
>>> - CAS documentation website: https://apereo.github.io/cas
>>> - CAS project website: https://github.com/apereo/cas
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3ed93ca6-db04-4734-a86a-4d6938f4576f%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>

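Added example (not part of the original thread, and not CAS code): a quick offline check of whether a serviceId pattern matches the redirect_uri of an authorize request, using the values posted above. Python's `re` stands in for Java regex here, the `full_match` switch is an assumption about how the pattern is applied, and the near-miss URIs and function names are constructed for illustration. It tests only the pattern; it does not reproduce the validator linked at the top of the thread.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Values copied from the thread.
AUTHORIZE_URL = ("https://cas.mydomain.com:8443/cas/oauth2.0/authorize/"
                 "?client_id=fb3s86QV9QKl"
                 "&redirect_uri=http://localhost:8080/oauth_client"
                 "&response_type=code&scope=openid")
SERVICE = {"clientId": "fb3s86QV9QKl",
           "serviceId": "^http://localhost:8080/oauth_client"}

# Constructed redirect URIs: the intended one first, then near misses
# that a registered pattern should normally reject.
CANDIDATES = [
    "http://localhost:8080/oauth_client",
    "http://localhost:8080/oauth_client/callback",
    "http://localhost:8080/oauth_client.example.net",
    "https://localhost:8080/oauth_client",
]

def request_params(url):
    """Return (client_id, redirect_uri) from an authorize URL."""
    query = parse_qs(urlsplit(url).query)
    return (query.get("client_id", [None])[0],
            query.get("redirect_uri", [None])[0])

def accepted(service_id, candidates, full_match=True):
    """List the candidate URIs that the serviceId pattern admits."""
    pattern = re.compile(service_id)
    test = pattern.fullmatch if full_match else pattern.search
    return [uri for uri in candidates if test(uri)]

def check(service, url, full_match=True):
    """Compare the request's client_id and redirect_uri with the service."""
    client_id, redirect_uri = request_params(url)
    if client_id != service["clientId"]:
        return "unknown client_id"
    if not redirect_uri:
        return "missing redirect_uri"
    if not accepted(service["serviceId"], [redirect_uri], full_match):
        return "redirect_uri does not match serviceId"
    return "ok"

if __name__ == "__main__":
    print(check(SERVICE, AUTHORIZE_URL))
    for mode in (True, False):
        label = "full match" if mode else "prefix search"
        print(label, accepted(SERVICE["serviceId"], CANDIDATES, mode))
```

If the pattern is applied as a search rather than a full match, a serviceId without a trailing `$` also admits the second and third constructed URIs, so the same script is useful for reviewing how broad a registered pattern is.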
