When the user opens CAS, the state parameter is set on the session, but when 
the user comes back from Azure/OpenID, the state parameter exists on the 
request but is null on the session.


On Monday, 3 June 2019 at 22:39:23 UTC+2, Łukasz Woźniak wrote:
>
> The problem is on the connection CAS <> Azure/OpenID. The state parameter 
> for CSRF is sometimes null when the request comes from Azure to CAS. I 
> checked and the state is set on the session.
>
> On Monday, 3 June 2019 at 18:06:00 UTC+2, rbon wrote:
>>
>> Łukasz, this sounds like the client application is sending the user to 
>> CAS with one URL in the service parameter and a different URL when 
>> validating the service ticket. There should be log messages describing why 
>> the 'State parameter ...' is output. You may have to turn up the log 
>> level.
>>
>> Ray
>> On Mon, 2019-06-03 at 01:42 -0700, Łukasz Woźniak wrote:
>>
>> We use version 5.2.9 of CAS, and we have a problem every day when users 
>> try to authenticate. They get "Unauthorized access" and in the log we get 
>> a CSRF error: 
>>
>> State parameter is different from the one sent in authentication request. Session expired or possible threat of cross-site request forgery
>>
>>
>> The problem appears only the first time every day. Any idea why?
>>
>>
>> On Friday, 29 March 2019 at 21:59:24 UTC+1, richard.frovarp wrote: 
>>
>> Need to add CAS 5.3.9. I have Google and Twitter working through 
>> delegated auth. So I have that much working. 
>>
>> On 3/29/19 3:57 PM, Richard Frovarp wrote: 
>> > Does anyone have an example config or documentation on how to delegate 
>> > to Azure AD? This is operating at the very edge of my understanding, and 
>> > I'm having some difficulty. Not entirely sure what configs are required, 
>> > or exactly what to set in Azure. 
>> > 
>> > Right now I have: 
>> > 
>> > cas.authn.pac4j.oidc[0].type=AZURE 
>> > cas.authn.pac4j.oidc[0].id=<client id> 
>> > cas.authn.pac4j.oidc[0].secret=<client-secret> 
>> > cas.authn.pac4j.oidc[0].clientName=AZURE 
>> > cas.authn.pac4j.oidc[0].discoveryUri=https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
>> > cas.authn.pac4j.oidc[0].scope=openid email profile phone 
>> > cas.authn.pac4j.oidc[0].azureTenantId=<directory-id> 
>> > 
>> > 
>> > No idea if those scopes are right. 
>> > 
>> > Getting: 
>> > 
>> > 2019-03-29 15:53:33,486 ERROR [org.springframework.boot.web.support.ErrorPageFilter] - <Forwarding to error page from request [/clientredirect] due to exception [java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String]>
>> > org.pac4j.core.exception.TechnicalException: java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String
>> >       at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.buildAuthenticationRequestUrl(OidcRedirectActionBuilder.java:113) ~[pac4j-oidc-3.6.1.jar:?]
>> >       at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.redirect(OidcRedirectActionBuilder.java:78) ~[pac4j-oidc-3.6.1.jar:?]
>> >       at org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:109) ~[pac4j-core-3.6.1.jar:?]
>> >
>> > Caused by: java.lang.ClassCastException: java.util.Collections$SingletonList cannot be cast to java.lang.String
>> >       at com.nimbusds.oauth2.sdk.AuthorizationRequest.parse(AuthorizationRequest.java:972) ~[oauth2-oidc-sdk-5.62.jar:5.62]
>> >       at com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(AuthenticationRequest.java:1374) ~[oauth2-oidc-sdk-5.62.jar:5.62]
>> >       at com.nimbusds.openid.connect.sdk.AuthenticationRequest.parse(AuthenticationRequest.java:1340) ~[oauth2-oidc-sdk-5.62.jar:5.62]
>> >       at org.pac4j.oidc.redirect.OidcRedirectActionBuilder.buildAuthenticationRequestUrl(OidcRedirectActionBuilder.java:110) ~[pac4j-oidc-3.6.1.jar:?]
>> >       ... 98 more
>> > 
>> > Any suggestions would be helpful, because I'm having difficulty pulling 
>> > off the right search to find the right set of documentation at MS. 
>> > 
>> > Thanks, 
>> > 
>> > Richard 
>> > 
>>
>> -- 
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>
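
The condition reported at the top of this thread (state present on the request, absent from the session) is distinct from a state value that does not match, although the quoted log message covers both. An added example, not CAS or pac4j code, that reports the two cases separately so logs can tell session loss from a mismatched value; the session is modelled as a `Map` and the attribute name `oidcState` is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration; not CAS or pac4j code. A Map stands in for the HTTP session.
public class StateCheckDemo {
    enum Result { OK, NO_REQUEST_STATE, NO_SESSION_STATE, MISMATCH }

    static final String ATTR = "oidcState"; // hypothetical session attribute name
    static final SecureRandom RNG = new SecureRandom();

    // Before redirecting to the identity provider: create the state value
    // and keep it in the session that started the login.
    static String startLogin(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(ATTR, state);
        return state;
    }

    // On the callback: compare the returned state with the stored one, and report
    // a missing session value separately from a value that does not match.
    static Result checkCallback(Map<String, Object> session, String requestState) {
        if (requestState == null || requestState.isEmpty()) return Result.NO_REQUEST_STATE;
        Object stored = (session == null) ? null : session.remove(ATTR); // single use
        if (stored == null) return Result.NO_SESSION_STATE;
        boolean same = MessageDigest.isEqual(              // constant-time comparison
                stored.toString().getBytes(StandardCharsets.UTF_8),
                requestState.getBytes(StandardCharsets.UTF_8));
        return same ? Result.OK : Result.MISMATCH;
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();
        // Callback arrives on the session that started the login.
        System.out.println(checkCallback(session, startLogin(session)));
        // Callback arrives on a fresh session (expired session or cookie not sent).
        String state = startLogin(session);
        System.out.println(checkCallback(new HashMap<>(), state));
        // Callback carries a constructed value that was never issued.
        System.out.println(checkCallback(session, "constructed-value"));
    }
}
```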
