Hello Ray and Bartosz!
Thanks for posting your configs. I think I'm close to getting CAS working 
with Azure (going into detail to maybe help the next person).

For CAS 6.6.7

I added this module to build.gradle and built the cas.war:

// Azure support
implementation "org.apereo.cas:cas-server-support-pac4j-webflow:${project.'cas.version'}"

This is what my cas.properties is; on Azure I made an app called "cas":

cas.authn.pac4j.oidc[0].azure.display-name= cas
cas.authn.pac4j.oidc[0].azure.auto-redirect-type= SERVER
cas.authn.pac4j.oidc[0].azure.client-name= cas
cas.authn.pac4j.oidc[0].azure.enabled= true
cas.authn.pac4j.oidc[0].azure.id= [client ap id of cas app]
cas.authn.pac4j.oidc[0].azure.response-mode= form_post
cas.authn.pac4j.oidc[0].azure.response-type= id_token
cas.authn.pac4j.oidc[0].azure.scope= openid
cas.authn.pac4j.oidc[0].azure.secret= [cas client app secret]
cas.authn.pac4j.oidc[0].azure.tenant= [tenant id]
cas.authn.pac4j.oidc[0].azure.use-nonce= true
cas.authn.pac4j.oidc[0].azure.discovery-uri= https://login.microsoftonline.com/[tenant id]/oauth2/v2.0/
cas.authn.pac4j.oidc[0].azure.logout-url= https://login.microsoftonline.com/common/oauth2/logout

On Azure, I enabled id_token and set the redirect URL to:

https://cas.dev.schoolname.ca/cas/login?client_name=cas

service file for CasTest-1.json

{
  "@class" : "org.apereo.cas.services.CasRegisteredService",
  "serviceId" : "http://cas-test.dev.ecuad.ca/wp-login.php*",
  "name" : "CasTest",
  "id" : 1,
  "evaluationOrder" : 1
}

Catalina.out when I go to the Cas Test page (WordPress site):

2023-05-25 15:25:02,294 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN

=============================================================

WHO: audit:unknown

WHAT: {result=Client Access Granted, 
service=http://cas-test.dev.schoolname.ca/wp-login.php, client=cas, 
registeredService=CasTest:http://cas-test.dev.ecuad.ca/wp-login.php*}

ACTION: DELEGATED_CLIENT_SUCCESS

APPLICATION: CAS

WHEN: Thu May 25 15:25:02 PDT 2023

CLIENT IP ADDRESS: xxxxxxxxxxx

SERVER IP ADDRESS: unknown

=============================================================


The problem I'm having is the web page will go to:

https://cas.dev.schoolname.ca/cas/login?client_name=cas

and time out. I'm not sure what I need to set so CAS (or Azure) will 
redirect to the WordPress site.

Any help is appreciated.

Thank you,

Rod
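An added check for the setup above (example code written for this thread, not CAS or pac4j code): it parses the cas.properties fragment, flags bracketed placeholders that were never replaced, and derives the redirect_uri CAS will send to Azure so it can be compared with what the Azure app registration lists. The callback shape (<cas-base>/login?client_name=<client-name>) is taken from Ray's redirect URL further down the thread, and the exact-match rule for Azure redirect URIs is an assumption.

```python
"""Sanity checks for the CAS pac4j Azure AD (OIDC) delegation config posted above.
Constructed example for this thread, not CAS or pac4j code: parse a cas.properties
fragment, flag unfilled "[...]" placeholders, and derive the redirect_uri CAS sends."""
import re
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"\[[^\]]*\]")  # "[tenant id]" style values never filled in

def parse_properties(text):
    """Minimal Java-properties parser: 'key= value' lines into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def azure_client(props, index=0):
    prefix = f"cas.authn.pac4j.oidc[{index}].azure."  # one delegated client block
    return {k[len(prefix):]: v for k, v in props.items() if k.startswith(prefix)}

def expected_callback(cas_base_url, client):
    """pac4j returns to the CAS login endpoint with client_name appended."""
    name = client.get("client-name") or client.get("clientName")
    return f"{cas_base_url.rstrip('/')}/login?client_name={name}"

def normalize(uri):
    # Azure matches redirect URIs exactly; only scheme and host are case-insensitive
    # (assumption), so lower-case just those and leave path and query untouched.
    p = urlsplit(uri.strip())
    return p._replace(scheme=p.scheme.lower(), netloc=p.netloc.lower()).geturl()

def callback_registered(expected, registered_uris):
    return normalize(expected) in {normalize(u) for u in registered_uris}

def audit(props_text, cas_base_url, registered_uris):
    """What must agree between cas.properties and the Azure app registration."""
    client = azure_client(parse_properties(props_text))
    callback = expected_callback(cas_base_url, client)
    return {"callback": callback,
            "callback_registered": callback_registered(callback, registered_uris),
            "unfilled": sorted(k for k, v in client.items() if PLACEHOLDER.search(v))}

# Constructed input: the properties posted above, placeholders left as written.
SAMPLE = """cas.authn.pac4j.oidc[0].azure.client-name= cas
cas.authn.pac4j.oidc[0].azure.id= [client ap id of cas app]
cas.authn.pac4j.oidc[0].azure.tenant= [tenant id]
cas.authn.pac4j.oidc[0].azure.discovery-uri= https://login.microsoftonline.com/[tenant id]/oauth2/v2.0/"""
```

Running audit(SAMPLE, "https://cas.dev.schoolname.ca/cas", [registered URIs]) shows whether the client_name callback is among the registered redirect URIs and which values still hold placeholders.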
On Friday, 23 April 2021 at 00:30:51 UTC-7 Bartosz Nitkiewicz wrote:

> Ray, 
>
> Thank You. Now it's working as expected.
>
> Regards 
> Bartek
>
> czwartek, 22 kwietnia 2021 o 22:58:02 UTC+2 Ray Bon napisał(a):
>
>> Bartosz,
>>
>> The only cas properties I have that you do not are:
>> cas.authn.pac4j.oidc[0].azure.discoveryUri= https://login.microsoftonline.com/[tenant id goes here]/oauth2/v2.0/
>> cas.authn.pac4j.oidc[0].azure.logoutUrl= https://login.microsoftonline.com/common/oauth2/logout
>>
>> When I go from cas to azure, this is the link (from developer tools):
>>
>> https://login.microsoftonline.com/[tenant id goes here]/oauth2/authorize?response_type=code&redirect_uri=https://local.uvic.ca/cas/login?client_name=CasAsAClient&state=TST-1-...&client_id=[client id goes here]&scope=openid profile email
>>
>> In azure I added an app registration called CasAsAClient. In this 
>> application I have a web redirect url, 
>> https://local.uvic.ca/cas/login?client_name=CasAsAClient
>>
>> I do not have specific notes on the steps I took. I did read a lot of MS 
>> documentation and web tutorials.
>>
>> Ray
>>
>>
>> On Thu, 2021-04-22 at 11:27 -0700, Bartosz Nitkiewicz wrote:
>>
>> Notice: This message was sent from outside the University of Victoria 
>> email system. Please be cautious with links and sensitive information. 
>>
>> I want to set up Azure as the default auth for all services. But it gives me 
>> this error: AADSTS900971: No reply address provided. 
>> There are no logs on the CAS server side.
>> I think that I have misconfigured something during Azure app 
>> registration. I don't know how it should be configured. I want to delegate 
>> auth to Azure through OIDC.
>> I've read that You have it working :)
>>
>> czwartek, 22 kwietnia 2021 o 20:18:08 UTC+2 Ray Bon napisał(a):
>>
>> Bartosz,
>>
>> After successful login on azure, cas will redirect to your intended 
>> service.
>>
>> Are there any error messages in the logs?
>>
>> Ray
>>
>> On Thu, 2021-04-22 at 10:18 -0700, Bartosz Nitkiewicz wrote:
>>
>> Hi. I got stuck. I've managed to delegate auth to Azure AD. I can log in 
>> with my user and password. But after that I have AADSTS900971: No reply 
>> address provided. 
>>
>> I don't know how to set it up properly.
>>
>> My registered CAS app (Azure) redirects to my CAS server 
>> https://example.org/cas with ID tokens and access tokens enabled.
>>
>> "cas.authn.pac4j.name": "Azure",
>> "cas.authn.pac4j.oidc[0].azure.autoRedirect": "true",
>> "cas.authn.pac4j.oidc[0].azure.clientName": "Azure",
>> "cas.authn.pac4j.oidc[0].azure.enabled": "true",
>> "cas.authn.pac4j.oidc[0].azure.id": "xxxxx",
>> "cas.authn.pac4j.oidc[0].azure.responseMode": "form_post",
>> "cas.authn.pac4j.oidc[0].azure.responseType": "id_token",
>> "cas.authn.pac4j.oidc[0].azure.scope": "openid",
>> "cas.authn.pac4j.oidc[0].azure.secret": "xxxxxx",
>> "cas.authn.pac4j.oidc[0].azure.tenant": "xxxxx",
>> "cas.authn.pac4j.oidc[0].azure.useNonce": "true",
>>
>> I don't know if it is ok?
>> Any hints?
>>
>> -- 
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>> I respectfully acknowledge that my place of work is located within the 
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
>> WSÁNEĆ Nations.
>>
>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b0d476f9-44aa-4a8f-98b0-585d206217fan%40apereo.org.
