Hi,
I am trying to configure CAS 6.0.1 to delegate to Azure AD using Oauth2
My overlay build.gradle contains the following:
dependencies {
compile
"org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
compile
"org.apereo.cas:cas-server-support-pac4j-webflow:${project.'cas.version'}"
}
My cas.properties contains the following:
cas.authn.pac4j.oauth2[0].id=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
cas.authn.pac4j.oauth2[0].secret=mysecret
cas.authn.pac4j.oauth2[0].authUrl=https:
//login.microsoftonline.com/common/oauth2/authorize
cas.authn.pac4j.oauth2[0].tokenUrl=https:
//login.microsoftonline.com/common/oauth2/token
cas.authn.pac4j.oauth2[0].clientName=AzureAD
I have added the CAS redirect URL to the allowed Reply URLs for the App
registration in Azure AD.
When I point my browser at CAS:
1. My browser is redirected to Azure AD.
2. I login to Azure AD.
3. My browser is redirected back to CAS.
However, at that point CAS fails to complete the login, and the following
error is displayed in the log.
2019-03-06 11:04:52,337 DEBUG [org.pac4j.oauth.credentials.extractor.
OAuth20CredentialsExtractor] - <sessionState:
TST-1-uwQC-bMB6BHZNkzhpUtVfKZDZhtiHf9R
/ stateParameter: TST-1-uwQC-bMB6BHZNkzhpUtVfKZDZhtiHf9R>
2019-03-06 11:04:52,337 DEBUG [org.pac4j.oauth.credentials.extractor.
OAuth20CredentialsExtractor] - <code:
AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU
-mhYY-
lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk
-
meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3
-
ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L
-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA>
2019-03-06 11:04:52,337 DEBUG [org.pac4j.oauth.credentials.authenticator.
OAuth20Authenticator] - <code:
AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU
-mhYY-
lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk
-
meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3
-
ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L
-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA>
2019-03-06 11:04:53,522 DEBUG [org.pac4j.oauth.credentials.authenticator.
OAuth20Authenticator] - <accessToken: com.github.scribejava.core.model.
OAuth2AccessToken@6a3ddd2e>
2019-03-06 11:04:53,522 DEBUG [org.pac4j.oauth.client.GenericOAuth20Client]
- <Credentials validation took: 1185 ms>
2019-03-06 11:04:53,522 INFO [org.apereo.cas.web.flow.
DelegatedClientAuthenticationAction] - <Credentials are successfully
authenticated using the delegated client [AzureAD]>
2019-03-06 11:04:53,539 DEBUG [org.pac4j.oauth.client.GenericOAuth20Client]
- <credentials : #OAuth20Credentials# | code:
AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU-mhYY-lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk-meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3-ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA
| accessToken: com.github.scribejava.core.model.OAuth2AccessToken@6a3ddd2e
|>
2019-03-06 11:04:53,539 DEBUG [org.pac4j.oauth.profile.creator.
OAuth20ProfileCreator] - <accessToken: com.github.scribejava.core.model.
OAuth2AccessToken@6a3ddd2e / dataUrl: null>
2019-03-06 11:04:53,541 ERROR [org.apereo.cas.authentication.
PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials
may be incorrect or CAS cannot find authentication handler that supports [
ClientCredential(credentials=#OAuth20Credentials# | code:
AQABAAIAAACEfexXxjamQb3OeGQ4GugvwYgFHYRZxIL1IOezVY3ljBAbpR2DyzQQn4IaRQr01EPGQAGlQOQEepuEe3ndxRh8UX1OAB2zeIJ0Wf1Zu3xbN5KA6aGzGY0PDDcTuk5nx1gfhIZBbxibSRRidqhhCU-mhYY-lgie48PhAge30b214EBYBfhhqZz6jZk9KjkkjRuKkiYRNSl0yF__Z8gwffML09WzSaB6pPBuxRWUL79lXr9KqBYo4L6IkysMOqt2PGGZDJJRKcC6SruDgjuVCynJ7k8TIi0CdHCMQWDahHpMXWMkQycfJheACNHnXjQOk-meLqKS9LGeqMTBQPsBtnmBLwFeuwCH0vavzfkSbBpOvjwVnQeS16Gwp490ZkGEKEFtO5RBRA_nqtpMZoTNTe7TXrjdXiChoASALT8zaddPXP9wN1DErR1z99r8DldEkA4qM3-ULzKtrhBDGOG7qrmYo9KSq_qqUs0NM7i0wNwxTrQ9Q6qEGfC46t3NqBOTDBoHtY5KHS2p3GlvlSHjMg8DIO9dGphGHC5L-p5Jfjn-awwYsnDQ62P4n2d4tSHLqNcgAA
| accessToken: com.github.scribejava.core.model.OAuth2AccessToken@6a3ddd2e
|, clientName=AzureAD, typedIdUsed=true, userProfile=null)] of type
[ClientCredential]. Examine the configuration to ensure a method of
authentication is defined and analyze CAS logs at DEBUG level to trace the
authentication event.>
Any ideas what I'm doing wrong?
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b3ea0c1d-e8e2-43df-bc9d-c57d60262fe0%40apereo.org.
