Hello guys!
  I'd like to enable CAS SSO as an additional authentication method on my 
Keycloak platform.  
build.gradle
    implementation "org.apereo.cas:cas-server-core-api-configuration-model"
    implementation "org.apereo.cas:cas-server-webapp-init"
    implementation "org.apereo.cas:cas-server-support-ldap"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-oidc"
    implementation "org.apereo.cas:cas-server-support-ldap-core" 
cas.properties
cas.server.name=https://cas.exemple.sn:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml
#############  ----- LDAP ----  ##################

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://x.x.x.x
cas.authn.ldap[0].baseDn=dc=exemple,dc=com
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=myadmintest,dc=exemple,dc=com
cas.authn.ldap[0].bindCredential=xxxxxx
cas.authn.ldap[0].principalAttributeId=mail
cas.service-registry.json.location=file:/etc/cas/services
cas.authn.accept.users=
# Attribute mapping: uid, cn and mail are the LDAP attributes that will be extracted for the user
cas.authn.ldap[0].principalAttributeList=sn,givenName,mail
# ------OIDC------
cas.authn.oidc.jwks.file-system.jwks-file=file:/etc/cas/config/keystore.jwks
cas.authn.oidc.enabled=true
# Base URL for OpenID Connect
cas.authn.oidc.core.issuer=https://cas.exemple.com/cas/oidc
# Enable automatic discovery (/.well-known/openid-configuration)
cas.authn.oidc.discovery.discoverySettingsEnabled=true
cas.authn.oidc.jwks.jwks-file=file:/etc/cas/config/keystore.jwks
cas.authn.oidc.skew=5
# Add/remove scopes as necessary here...
cas.authn.oidc.discovery.scopes=openid,profile,email
# Configure the OIDC clients
# (client id from keycloak)
cas.authn.pac4j.oidc[0].generic.id=myclientid
cas.authn.pac4j.oidc[0].generic.secret=xxxxxxx
cas.authn.pac4j.oidc[0].generic.client-nam=myclientid
# Note the realm name in the discovery URL...
cas.authn.pac4j.oidc[0].generic.discovery-uri=https://keycloak.exemple.com/realms/test/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].generic.principal-id-attribute=email
cas.authn.pac4j.oidc[0].generic.preferred-jws-algorithm=RS256
cas.authn.pac4j.oidc[0].generic.client-authentication-method=client_secret_basic
cas.authn.pac4j.oidc[0].generic.supported-client-authentication-methods=client_secret_basic,client_secret_post

######## my oidc-10001.json file #######
{
    "@class": "org.apereo.cas.services.OidcRegisteredService",
    "clientId": "casclientid",
    "clientSecret": "xxxxxxxxxxxxxxxxx",
    "serviceId": "https://keycloak.exemple.com/realms/test/broker/keycloak-oidc/endpoint",
    "name": "oidc",
    "id": 10001,
    "bypassApprovalPrompt": true,
    "description": "Service OIDC pour Moodle",
    "evaluationOrder": 3,
    "scopes": ["java.util.HashSet", [ "openid", "profile", "email" ]]
}
I have this error. Keycloak OIDC works perfectly and CAS OIDC auth also works 
perfectly, but delegated auth doesn't work. [image: Capture d'écran 2024-10-09 
130306.png]
