I double checked that I didn’t have an errant file somewhere that would override the config. I un jared the cas.war file and grepped for cas.example.org JIC. All settings are loaded from the location below. CAS is running with embedded tomcat and is started by systemd. # The configuration directory where CAS should monitor to locate settings. spring.cloud.config.server.native.searchLocations=file:///etc/cas/config
/bin/java --add-modules java.se --add-exports java.base/jdk.internal.ref=ALL-UNNAMED --add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/java.nio=ALL-UNNAMED --add-opens java.base/sun.nio.ch=ALL-UNNAMED --add-opens java.management/sun.management=ALL-UNNAMED --add-opens jdk.management/com.sun.management.internal=ALL-UNNAMED -Dhttp.proxySet=true -Dhttps.proxySet=true -Dhttp.proxyHost=proxysvc-501.wichita.edu -Dhttps.proxyHost=proxysvc-501.wichita.edu -Dhttp.proxyPort=8080 -Dhttps.proxyPort=8080 -Djava.util.logging.config.file=/etc/cas/config/logging.properties -jar /data/cas/bin/cas.war Thanks Again, Erik Mallory Server Analyst Wichita State University 316.978.3502 From: <cas-user@apereo.org> on behalf of Misagh Moayyed <misagh.moay...@gmail.com> Reply-To: "cas-user@apereo.org" <cas-user@apereo.org> Date: Wednesday, August 28, 2019 at 3:35 AM To: CAS Community <cas-user@apereo.org> Subject: Re: [cas-user] CAS 6.1-RC4 OIDC configuration Are you certain your configuration values are not overridden by something else? On Aug 28, 2019, at 1:30 AM, 'Mallory, Erik' via CAS Community <cas-user@apereo.org<mailto:cas-user@apereo.org>> wrote: Yes. # OpenID Authentication cas.authn.oidc.issuer=http://cas-dev.wichita.edu/cas/oidc # Skew ID tokens in minutes cas.authn.oidc.skew=5 cas.authn.oidc.jwksFile=file:/etc/cas/config/keystore.jwks cas.authn.oidc.jwksCacheInMinutes=60 #cas.authn.oidc.dynamicClientRegistrationMode=OPEN|PROTECTED cas.authn.oidc.dynamicClientRegistrationMode=PROTECTED cas.authn.oidc.subjectTypes=public,pairwise Erik Mallory Server Analyst Wichita State University 316.978.3502 From: <cas-user@apereo.org<mailto:cas-user@apereo.org>> on behalf of Misagh Moayyed <misagh.moay...@gmail.com<mailto:misagh.moay...@gmail.com>> Reply-To: "cas-user@apereo.org<mailto:cas-user@apereo.org>" <cas-user@apereo.org<mailto:cas-user@apereo.org>> Date: Tuesday, August 27, 2019 at 2:59 AM To: CAS Community <cas-user@apereo.org<mailto:cas-user@apereo.org>> Subject: Re: [cas-user] CAS 6.1-RC4 OIDC configuration Have you defined an issuer? https://apereo.github.io/cas/development/configuration/Configuration-Properties.html#openid-connect On Aug 27, 2019, at 2:23 AM, 'Mallory, Erik' via CAS Community <cas-user@apereo.org<mailto:cas-user@apereo.org>> wrote: Hello, I'm trying to configure oAuth/OIDC and I'm running into a head scratcher. The CAS oidc/.well-known endpoint returns cas.example.org:8443<http://cas.example.org:8443/> for all of the related endpoints. Example: {"issuer":"http://cas-dev.wichita.edu/cas/oidc","scopes_supported":["openid","profile","email","address","phone","offline_access"],"response_types_supported":["code","token","id_token token"],"subject_types_supported":["public","pairwise"],"claim_types_supported":["normal"],"claims_supported":["sub","name","preferred_username","family_name","given_name","middle_name","given_name","profile","picture","nickname","website","zoneinfo","locale","updated_at","birthdate","email","email_verified","phone_number","phone_number_verified","address","gender"],"grant_types_supported":["authorization_code","password","client_credentials","refresh_token"],"id_token_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"id_token_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"id_token_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"userinfo_signing_alg_values_supported":["none","RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512","HS256","HS384","HS512"],"userinfo_encryption_alg_values_supported":["RSA1_5","RSA-OAEP","RSA-OAEP-256","A128KW","A192KW","A256KW","A128GCMKW","A192GCMKW","A256GCMKW","ECDH-ES","ECDH-ES+A128KW","ECDH-ES+A192KW","ECDH-ES+A256KW"],"userinfo_encryption_enc_values_supported":["A128CBC-HS256","A192CBC-HS384","A256CBC-HS512","A128GCM","A192GCM","A256GCM"],"introspection_endpoint_auth_methods_supported":["client_secret_basic"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post","client_secret_jwt","private_key_jwt"],"claims_parameter_supported":true,"request_parameter_supported":false,"authorization_endpoint":"https://cas.example.org:8443/cas/oidc/authorize","token_endpoint":"https://cas.example.org:8443/cas/oidc/accessToken","userinfo_endpoint":"https://cas.example.org:8443/cas/oidc/profile","registration_endpoint":"https://cas.example.org:8443/cas/oidc/register","end_session_endpoint":"https://cas.example.org:8443/cas/oidc/logout","introspection_endpoint":"https://cas.example.org:8443/cas/oidc/introspect","revocation_endpoint":"https://cas.example.org:8443/cas/oidc/revoke","jwks_uri":"https://cas.example.org:8443/cas/oidc/jwks"} I thought this value was controlled by the cas.server.name property. But I guess it's elsewhere? server.context-path=/cas server.port=443 cas.server.name=https://cas-dev.wichita.edu<https://cas-dev.wichita.edu/> cas.server.prefix=https://cas-dev.wichita.edu/cas cas.host.name=cas-dev.wichita.edu<http://cas-dev.wichita.edu/> Hopefully someone can shine a light on this for me. Thanks, Erik Mallory Server Analyst Wichita State University -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3B7E953C-586C-41E3-BB3A-73A53D433AB0%40wichita.edu. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/375F9DAF-027B-4CE0-A5F3-AE84255B3C99%40gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/375F9DAF-027B-4CE0-A5F3-AE84255B3C99%40gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/E63C583B-638A-4E54-A7C4-BC772DF53CB2%40wichita.edu<https://groups.google.com/a/apereo.org/d/msgid/cas-user/E63C583B-638A-4E54-A7C4-BC772DF53CB2%40wichita.edu?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/DF7A72D8-CDF2-4BDA-B302-8A9E5A1A9E48%40gmail.com<https://groups.google.com/a/apereo.org/d/msgid/cas-user/DF7A72D8-CDF2-4BDA-B302-8A9E5A1A9E48%40gmail.com?utm_medium=email&utm_source=footer>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1FA38A82-12AA-4D92-BE6F-25755490942A%40wichita.edu.