[cas-user] CAS5 OIDC support hybrid flow?

2021-03-06 Thread Yan Zhou
Hi there,

CAS 5.3.x, OIDC flow.

It works well with the authorization code flow. Does it support "hybrid flow", 
i.e., the response type is "code token" or "code id_token"?

I am getting an "application not authorized to use CAS" error.

Is this by design?

2021-03-07 04:40:24,173 WARN 
[org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController] 
- https://localhost:8543/cas5/oidc/authorize?client_id=demoOIDC&redirect_uri=https%3A%2F%2Foidcdebugger.com%2Fdebug&scope=openid&response_type=code%20token&response_mode=form_post&nonce=bq50c2y1iy]
 
no OAuth20 validator could declare support for its syntax>

2021-03-07 04:40:24,174 ERROR 
[org.apereo.cas.support.oauth.web.endpoints.OAuth20AuthorizeEndpointController] 
- 


Thanks!

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0278898f-3389-46be-ae22-30be246c1484n%40apereo.org.


[cas-user] Re: MongoDBTicketRegistry : RegistryCleaner / InvalidTicketException

2021-03-06 Thread Jérôme Rautureau
So I see this:

https://github.com/apereo/cas/commit/9545d7aca56022e55a872c8a96597e7fd1656863

It seems the MongoDB update operation has been changed... I can't see
why... it was an upsert operation, it became an updateFirst operation.

On Sun, Feb 28, 2021 at 18:32, Jérôme Rautureau wrote:

> Hi guys,
>
> We have a very strange issue on your 6.2.8 CAS (tomcat cluster of 2 nodes)
> up-to-date with replicaSet (3 nodes) mongoDB installation.
>
> We have some (a few) tickets without the 6 "normal" fields (only 3 fields:
> above an example of these "partial" tickets, I have anonymized the
> ticket). It does not cause any particular issue on clients except that the
> RegistryCleaner stops on the first of these tickets with an
> "InvalidTicketException" (of course the type field is null).
>
> I have scheduled a task to periodically delete these tickets:
>
> db.getCollection('TicketGrantingTicketCollection').deleteMany({type:{$exists:false}})
> => it gives me between 1 and up to 100 tickets deleted (we have 1000 TGTs
> in our MongoDB collection).
>
> After some research, it seems that the "update" MongoDB operation is the
> only case where we can have a partial insert of a ticket.
>
> We use a lot of PGT/TGT/TGC/ST; maybe a rare race condition causes this
> behavior. We don't know.
>
> {
> "_id" : ObjectId("60381e3bf03bee7c9f759a09"),
> "ticketId" :
> "TGT-130-rBbfvpvFeTWzleLKqDge-erk-yr0tzBltCuCp-eCxiHp-Yzz2hxSBeUtbuQSt0MuAJI-java-01-prd",
> "json" :