Hi Jérôme,

I am happy to post the configuration if required, but I think you have a 
slight error in CAS causing the tenant id to get lost.

In "BaseDelegatedClientFactory.java" you have the "getOidcClientFrom" 
method which has the following for azure

        if (clientProperties.getAzure().isEnabled() && StringUtils.isNotBlank(clientProperties.getAzure().getId())) {
            LOGGER.debug("Building OpenID Connect client for Azure AD...");
            val azure = getOidcConfigurationForClient(clientProperties.getAzure(), AzureAd2OidcConfiguration.class);
            azure.setTenant(clientProperties.getAzure().getTenant());
*            val cfg = new AzureAd2OidcConfiguration(azure);*
            val azureClient = new AzureAd2Client(cfg);
            configureClient(azureClient, clientProperties.getAzure(), casProperties);
            return azureClient;
        }

Highlighted in bold is what I think the issue is as when I inspected the 
"AzureAd2OidcConfiguration" the constructor does set the tenant and this is 
causing the tenant to get lost.

I have some custom changes to set the login_hint for Azure when using the 
dynamic lookup. I added extra code to test if changing it to the below worked, 
and it proceeded to Microsoft, but I got another error after it came back. I 
will post that error in another message.

        if (clientProperties.getAzure().isEnabled() && StringUtils.isNotBlank(clientProperties.getAzure().getId())) {
            LOGGER.debug("Building OpenID Connect client for Azure AD...");
            val cfg = getOidcConfigurationForClient(clientProperties.getAzure(), AzureAd2OidcConfiguration.class);
            cfg.setTenant(clientProperties.getAzure().getTenant());
            val azureClient = new AzureAd2Client(cfg);
            configureClient(azureClient, clientProperties.getAzure(), casProperties);
            return azureClient;
        }

Thanks.
Regards,
Colin


On Thursday, 16 February 2023 at 17:56:46 UTC+11 leleuj wrote:

> Hi,
>
> What is your related CAS delegated authn configuration?
>
> Remove any sensitive information!
>
> Thanks.
> Best regards,
> Jérôme
>
>
> On Wed, 15 Feb 2023 at 06:18, Colin Wilkinson <wilc...@gmail.com> wrote:
>
>> Hi,
>>
>> I am just testing out configuration against CAS 7.0.0-RC4. The 
>> configuration is currently deployed to our dev server against CAS 6.6.x; 
>> this is working fine.
>>
>> But when I go to run against CAS 7.0.0.RC4 I get,
>>
>> Caused by: java.net.URISyntaxException: Illegal character in path at 
>> index 34: https://login.microsoftonline.com/{tenantid}/v2.0
>>
>> I have attached the full stack trace.
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-user+u...@apereo.org.
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/32c5e292-89cf-4968-99e9-dd82f31c55a3n%40apereo.org.
>>
>
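
The failure mode discussed in this thread, as an added example that is not part of the original messages and is not CAS or pac4j code: a copy constructor that omits one field leaves the `{tenantid}` placeholder unexpanded, and `java.net.URI` then rejects the `{` in the path. The class `DemoAzureConfig`, its fields, and the sample values are hypothetical stand-ins.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class TenantCopyDemo {

    // Hypothetical stand-in for an OIDC configuration whose issuer URL
    // contains a tenant placeholder. Not the real pac4j class.
    static class DemoAzureConfig {
        static final String TEMPLATE = "https://login.microsoftonline.com/{tenantid}/v2.0";
        String clientId;
        String tenant;

        DemoAzureConfig() { }

        // Lossy copy constructor (assumed for illustration): clientId is
        // copied, tenant is not, so the copy silently loses the tenant.
        DemoAzureConfig(DemoAzureConfig other) {
            this.clientId = other.clientId;
        }

        // Expands the placeholder only when a tenant has been set.
        String issuer() {
            return tenant == null ? TEMPLATE : TEMPLATE.replace("{tenantid}", tenant);
        }
    }

    // Returns the URI parse error message, or null when the issuer parses cleanly.
    static String issuerError(DemoAzureConfig cfg) {
        try {
            new URI(cfg.issuer());
            return null;
        } catch (URISyntaxException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        DemoAzureConfig original = new DemoAzureConfig();
        original.clientId = "constructed-client-id"; // constructed sample value
        original.tenant = "constructed-tenant";      // constructed sample value

        // Mirrors the "configure, then wrap in a copy" pattern from the thread.
        DemoAzureConfig copied = new DemoAzureConfig(original);

        System.out.println("original issuer error: " + issuerError(original));
        System.out.println("copied issuer error:   " + issuerError(copied));
    }
}
```

Calling a check like `issuerError` on the final configuration object at startup surfaces a dropped tenant before the first login attempt reaches the identity provider.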
