Any help on this matter?

Can't see what's wrong here

On Tuesday, June 27, 2023 at 16:09:59 UTC+2, Jérémie wrote:

> Hi,
>
> I'm pretty new to CAS (6.6.8) and I'm trying to connect a test 
> application to my CAS server using OIDC. I'm used to Okta, Auth0, etc. so 
> OIDC is not new to me, just CAS configuration.
>
> My Cas is also connected to an AD to sign in. 
>
> This is my Cas server configuration using OIDC module 
> (org.apereo.cas:cas-server-support-oidc) : 
>
> # Server
> server.port=443
>
> # SSL
> server.ssl.enabled=true
> server.ssl.key-store=file:{path}
> server.ssl.key-store-password=xxx
> server.ssl.key-password=xxx
>
> # CAS
> cas.server.name=https://URL:443
> cas.server.prefix=${cas.server.name}/cas
> cas.logout.followServiceRedirects=true
> cas.authn.accept.enabled=false
>
> # Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://localhost:389
> cas.authn.ldap[0].useStartTls=false
> cas.authn.ldap[0].baseDn=DC=AAA,DC=BBB
> cas.authn.ldap[0].search-filter=(sAMAccountName={user})
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=USER
> cas.authn.ldap[0].bindCredential=XXX
>
> # OIDC settings
> cas.authn.oidc.core.issuer=https://URL/cas/oidc
> cas.authn.oidc.core.skew=5
> cas.authn.oidc.jwks.file-system.jwks-file=file:C:\Program Files\Tomcat 9.0\etc\cas\config\keystore.jwks
>
> # Encryption/Signing keys
> cas.tgc.crypto.encryption.key=SN7Vpa8oHvXfh2hDZp8ANxZGRkF1DvKbYLTy_Vip2dI
>
> cas.tgc.crypto.signing.key=KwbtZl2y5sidXFMShjVm4PiGwjVQ0Fq-ZBp0A_HUK6IOnoS2h0E5cSfp7vy8uioqX04yKIBXcU0kUm6DRuPCZQ
>
> cas.webflow.crypto.signing.key=MltIqyj_vGFgZKFfw8vmoqYIYYu_KEU20AyZaAIDZl_Xjhl0ZGpPNe4h4N7-8p1_pNi-s97TQKb1-INp9VEwEA
> cas.webflow.crypto.encryption.key=3Mh_pdDFLPCMgacDL6z8SQ
>
> ---
>
> This is my /etc/config/services file : 
> {
>   "@class": "org.apereo.cas.services.OidcRegisteredService",
>   "serviceId": "https://localhost:3000/callback", --> my app URL
>   "name": "OIDC",
>   "id": 1,
>   "clientId": "41ff9715-bd3e-473c-9888-e2d5a1364c2a",
>   "clientSecret": "SECRET",
>   "bypassApprovalPrompt": true,
>   "generateRefreshToken": true,
>   "evaluationOrder": 10000
> }
>
> --- 
>
> This is my test application config (Node.js app) : 
> {
>   "domain": "cas.lyvoc.com/cas/oidc",
>   "clientId": "41ff9715-bd3e-473c-9888-e2d5a1364c2a",
> }
>
> This application was used for other IdP so it won't come from this. When 
> hitting login on it, this is the /authorize URL I'm getting redirected to : 
> https://URL/cas/oidc/authorize?client_id=41ff9715-bd3e-473c-9888-e2d5a1364c2a&acr=http%3A%2F%2Fschemas.openid.net%2Fpape%2Fpolicies%2F2007%2F06%2Fmulti-factor&scope=openid%20profile%20email%20read%3Aall&response_type=code&response_mode=query&state=dGEwS21Ddm52WUNXc254c2ptRmNzQjBOZGNTSGlPZzZ1R1AxVldOTl9lMA%3D%3D&nonce=RUIzY1hEbWJmWDZJYjNWOWh3QVJZcjBBdVNDOGt0RVdjYVl6WEZ1R0tXYQ%3D%3D&redirect_uri=http%3A%2F%2Flocalhost%3A3000&code_challenge=2Mln96FLN8s0qylEMY9yuC7ucbKioF9cGMIYG5B4q8s&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMTkuNCJ9
>
> The issue is that I'm getting redirected to a CAS page, but saying 
> "Authorization Denied". I'm not getting redirected to the authentication 
> page or anything like that: 
> [image: firefox_u32LfLkefz.png]
>
> I'm not finding anything on the net for this.
>
> Thanks for any help !
>
