Hello guys!
  I'd like to enable CAS SSO as an additional authentication method on my 
Keycloak platform.  
build.gradle
    implementation "org.apereo.cas:cas-server-core-api-configuration-model"
    implementation "org.apereo.cas:cas-server-webapp-init"
    implementation "org.apereo.cas:cas-server-support-ldap"
    implementation "org.apereo.cas:cas-server-support-json-service-registry"
    implementation "org.apereo.cas:cas-server-support-oidc"
    implementation "org.apereo.cas:cas-server-support-ldap-core" 
cas.properties
cas.server.name=https://cas.exemple.sn:8443
cas.server.prefix=${cas.server.name}/cas

logging.config=file:/etc/cas/config/log4j2.xml
#############  ----- LDAP ----  ##################

cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://x.x.x.x
cas.authn.ldap[0].baseDn=dc=exemple,dc=com
cas.authn.ldap[0].searchFilter=uid={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].bindDn=cn=myadmintest,dc=exemple,dc=com
cas.authn.ldap[0].bindCredential=xxxxxx
cas.authn.ldap[0].principalAttributeId=mail
cas.service-registry.json.location=file:/etc/cas/services
cas.authn.accept.users=
# Attribute mapping: uid, cn and mail are the LDAP attributes that will be extracted for the user
cas.authn.ldap[0].principalAttributeList=sn,givenName,mail
# ------OIDC------
cas.authn.oidc.jwks.file-system.jwks-file=file:/etc/cas/config/keystore.jwks
cas.authn.oidc.enabled=true
# Base URL for OpenID Connect
cas.authn.oidc.core.issuer=https://cas.exemple.com/cas/oidc
# Enable automatic discovery (/.well-known/openid-configuration)
cas.authn.oidc.discovery.discoverySettingsEnabled=true
cas.authn.oidc.jwks.jwks-file=file:/etc/cas/config/keystore.jwks
cas.authn.oidc.skew=5
# Add/remove scopes as necessary here...
cas.authn.oidc.discovery.scopes=openid,profile,email
# Configure the OIDC clients
cas.authn.pac4j.oidc[0].generic.id=myclientid (from keycloak)
cas.authn.pac4j.oidc[0].generic.secret=xxxxxxx
cas.authn.pac4j.oidc[0].generic.client-nam=myclientid
# Note the realm name in the discovery URL...
cas.authn.pac4j.oidc[0].generic.discovery-uri=https://keycloak.exemple.com/realms/test/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].generic.principal-id-attribute=email
cas.authn.pac4j.oidc[0].generic.preferred-jws-algorithm=RS256
cas.authn.pac4j.oidc[0].generic.client-authentication-method=client_secret_basic
cas.authn.pac4j.oidc[0].generic.supported-client-authentication-methods=client_secret_basic,client_secret_post

######## my oidc-10001.json file #######
{
    "@class": "org.apereo.cas.services.OidcRegisteredService",
    "clientId": "casclientid",
    "clientSecret": "xxxxxxxxxxxxxxxxx",
    "serviceId": "https://keycloak.exemple.com/realms/test/broker/keycloak-oidc/endpoint",
    "name": "oidc",
    "id": 10001,
    "bypassApprovalPrompt": true,
    "description": "Service OIDC pour Moodle",
    "evaluationOrder": 3,
    "scopes": ["java.util.HashSet", [ "openid", "profile", "email" ]]
}
I have this error. Keycloak OIDC works perfectly, CAS OIDC auth also works
perfectly, but delegated auth doesn't work.
[image: Capture d'écran 2024-10-09 130306.png]
