Hi, I'm having trouble accessing OIDC services from the 
"/cas/login?service=" endpoint. Using "/cas/oidc/authorize" there is no 
problem with the flow, but I want to understand why using 
"/cas/login?service" is not working.

Using "/cas/login?service=" with a CasRegisteredService there is no 
problem. When using an OidcRegisteredService, a "Service unauthorized" 
error appears, as if it is not registered. BUT when accessing 
"/actuator/RegisteredServices", it appears.

If this is not possible by design, please tell me so.

This is what I consider the relevant configuration; if more is needed, 
please tell me.

/cas/login?service=https://my.application.com/oidc
The application you attempted to authenticate to is not authorized to use 
CAS. This usually indicates that the application is not registered with 
CAS, or its authorization policy defined in its registration record 
prevents it from leveraging CAS functionality, or it's malformed and 
unrecognized by CAS. Contact your CAS administrator to learn how you might 
register and integrate your application with CAS.

CasService.json
{
    "@class" : "org.apereo.cas.services.CasRegisteredService",
    "serviceId" : "https://app.example.org",
    "name" : "ApplicationName",
    "id" : 1001
  }

OidcService.json
{
    "@class" : "org.apereo.cas.services.OidcRegisteredService",
    "clientId": "my-client-id",
    "clientSecret": "my-client-secret",
    "serviceId" : "https://my.application.com/oidc",
    "name": "OIDC",
    "description": "A sample OIDC client application",
    "id": 1002
  }

build.gradle
/**
     * CAS dependencies and modules may be listed here.
     *
     * There is no need to specify the version number for each dependency
     * since versions are all resolved and controlled by the dependency management
     * plugin via the CAS bom.
     **/
    implementation "org.apereo.cas:cas-server-support-rest"
    implementation "org.apereo.cas:cas-server-support-reports"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-ldap"
    implementation "org.apereo.cas:cas-server-support-oidc"

cas.properties
# ------OIDC------
cas.authn.oidc.core.issuer=${cas.server.name}/oidc
#cas.authn.oidc.core.skew=PT5M
cas.authn.oidc.jwks.file-system.jwks-file=file:///etc/cas/config/keystore.jwks


/cas/actuator/registeredServices
{ "0": "java.util.ArrayList", "1": [ { "@class": 
"org.apereo.cas.services.CasRegisteredService", "serviceId": 
"https://app.example.org", "name": "ApplicationName", "id": 1001 }, { 
"@class": "org.apereo.cas.services.OidcRegisteredService", "serviceId": 
"https://my.application.com/oidc", "name": "OIDC", "id": 1002, 
"description": "A sample OIDC client application", "clientSecret": 
"my-client-secret", "clientId": "my-client-id" } ] }

Thanks in advance.



-- 
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/174dbb31-28e2-44d1-bc12-a8efc27ef578n%40apereo.org.
