Yes. # OpenID Authentication cas.authn.oidc.issuer=http://cas-dev.wichita.edu/cas/oidc # Skew ID tokens in minutes cas.authn.oidc.skew=5
cas.authn.oidc.jwksFile=file:/etc/cas/config/keystore.jwks cas.authn.oidc.jwksCacheInMinutes=60 #cas.authn.oidc.dynamicClientRegistrationMode=OPEN|PROTECTED cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED cas.authn.oidc.subjectTypes=public,pairwise Erik Mallory Server Analyst Wichita State University 316.978.3502 From: <cas-user@apereo.org> on behalf of Misagh Moayyed <misagh.moay...@gmail.com> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org> Date: Tuesday, August 27, 2019 at 2:59 AM To: CAS Community <cas-user@apereo.org> Subject: Re: [cas-user] CAS 6.1-RC4 OIDC configuration Have you defined an issuer? https://apereo.github.io/cas/development/configuration/Configuration-Properties.html#openid-connect On Aug 27, 2019, at 2:23 AM, 'Mallory, Erik' via CAS Community <cas-user@apereo.org<mailto:cas-user@apereo.org>> wrote: Hello, I'm trying to configure oAuth/OIDC and I'm running into a head scratcher. The CAS oidc/.well-known endpoint returns cas.example.org:8443<http://cas.example.org:8443> for all of the related endpoints. Example: {"issuer":"http://cas-dev.wichita.edu/cas/oidc","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","token","id_token token"],"subject_types_supported":["public","pairwise"],"claim_types_supported":["normal"],"claims_supported":["sub","name","preferred_username","family_name","given_name","middle_name","given_name","profile","picture","nickname","website","zoneinfo","locale","updated_at","birthdate","email","email_verified","phone_number","phone_number_verified","address","gender"],"grant_types_supported":["authorization_code","password","client_credentials","refresh_token"],"id_token_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"introspection_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"claims_parameter_supported":true,"request_parameter_supported":false,"authorization_endpoint":"https://cas.example.org:8443/cas/oidc/authorize","token_endpoint":"https://cas.example.org:8443/cas/oidc/accessToken","userinfo_endpoint":"https://cas.example.org:8443/cas/oidc/profile","registration_endpoint":"https://cas.example.org:8443/cas/oidc/register","end_session_endpoint":"https://cas.example.org:8443/cas/oidc/logout","introspection_endpoint":"https://cas.example.org:8443/cas/oidc/introspect","revocation_endpoint":"https://cas.example.org:8443/cas/oidc/revoke","jwks_uri":"https://cas.example.org:8443/cas/oidc/jwks"} I thought this value was controlled by the cas.server.name property. But I guess it's elsewhere? server.context-path=/cas server.port=443 cas.server.name=https://cas-dev.wichita.edu cas.server.prefix=https://cas-dev.wichita.edu/cas cas.host.name=cas-dev.wichita.edu<http://cas-dev.wichita.edu> Hopefully someone can shine a light on this for me. Thanks, Erik Mallory Server Analyst Wichita State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B7E953C-586C-41E3-BB3A-73A53D433AB0%40wichita.edu. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/375F9DAF-027B-4CE0-A5F3-AE84255B3C99%40gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/375F9DAF-027B-4CE0-A5F3-AE84255B3C99%40gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/E63C583B-638A-4E54-A7C4-BC772DF53CB2%40wichita.edu.