Hello Pablo,
I went and edited one of my test service files to match up with "commas and
quotes" to what is available in the documentation. I'm still seeing the
following in the log file when attempting to test login:
2025-03-24 11:55:54,331 INFO [org.apereo.inspektr.audit.AuditTrailManager]
- <Audit trail record BEGIN
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]:
=============================================================
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: WHEN:
2025-03-24T16:55:54.330390765
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: WHO: audit:unknown
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: WHAT:
{result=Service Access Granted,
service=https://idm-cas-mgr-test.tamucc.edu/cas-management/callback?client_name=CasClient,
requiredAttributes={}}
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: ACTION:
SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: CLIENT_IP:
192.168.155.189
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: SERVER_IP:
0:0:0:0:0:0:0:1
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]:
=============================================================
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: >
Mar 24 11:55:54 idm-cas2-test.tamucc.edu cas.war[108351]: 2025-03-24
11:55:54,959 WARN [jakarta.persistence.spi] - <jakarta.persistence.spi::No
valid providers found.>
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: 2025-03-24
11:56:04,160 INFO [org.apereo.inspektr.audit.AuditTrailManager] - <Audit
trail record BEGIN
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]:
=============================================================
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: WHEN:
2025-03-24T16:56:04.160205840
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: WHO: audit:unknown
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: WHAT:
{source=RankedMultifactorAuthenticationProviderWebflowEventResolver,
event=success,
url=https://login-test.tamucc.edu/cas/login?service=https%3A%2F%2Fidm-cas-mgr-test.tamucc.edu%2Fcas-management%2Fcallback%3Fclient_name%3DCasClient,
timestamp=2025-03-24T16:56:04.158}
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: ACTION:
AUTHENTICATION_EVENT_TRIGGERED
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: CLIENT_IP:
192.168.155.189
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: SERVER_IP:
0:0:0:0:0:0:0:1
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]:
=============================================================
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: >
Mar 24 11:56:04 idm-cas2-test.tamucc.edu cas.war[108351]: 2025-03-24
11:56:04,829 WARN
[org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
- <No delegated authentication providers could be determined based on the
provided configuration. Either no identity providers are configured, or the
current access strategy rules prohibit CAS from using authentication
providers>
It's still not finding the external identity provider.
Not sure what else to do at this point. The overlay builds clean and
starts and runs without issues.
Phil
On Thursday, March 20, 2025 at 10:13:47 PM UTC-5 Pablo Vidaurri wrote:
> In you service file, i see missing commas and double quotes. Is that what
> you really have ? I would exepct something like this:
>
> "accessStrategy" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
> "delegatedAuthenticationPolicy" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
> "allowedProviders" : [ "java.util.ArrayList", [
> "TAMUCC_AAD" ] ],
> "permitUndefined": false,
> "exclusive": true
> }
>
> On Thursday, March 20, 2025 at 9:23:44 PM UTC-5 Phil Hale wrote:
>
>> I added the missing dependency and restarted the services and I'm still
>> getting the same warning in the logs:
>>
>> 2025-03-20 13:15:27,445 WARN
>> [com.hazelcast.instance.impl.HazelcastInstanceFactory] - <Hazelcast is
>> starting in a Java modular environment (Java 9 and newer) but without
>> proper access to required Java packages. Use additional Java arguments to
>> provide Hazelcast access to Java internal API. The internal API access is
>> used to get the best performance results. Arguments to be used:
>>
>> Are their any additional cas.properties I need to add to make this work
>> again?
>>
>> Phil
>>
>> On Thursday, March 20, 2025 at 11:59:04 AM UTC-5 Pablo Vidaurri wrote:
>>
>>> Using OIDC I assume?
>>>
>>> Have you tried these dependencies:
>>> implementation "org.apereo.cas:cas-server-support-pac4j-oidc" <--
>>> Looks like just introduced in 7.1.0
>>> implementation "org.apereo.cas:cas-server-support-pac4j-webflow"
>>>
>>> -psv
>>>
>>> On Wednesday, March 19, 2025 at 10:00:52 PM UTC-5 Phil Hale wrote:
>>>
>>>> Hello,
>>>>
>>>> I'm attempting to upgrade from CAS 7.0 to CAS 7.1. I can successfully
>>>> build the war file and launch it without issues. When I attempt to log in
>>>> I get the following error in the log file:
>>>>
>>>> cas.war[331470]: 2025-03-19 15:38:17,967 WARN
>>>> [org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
>>>>
>>>> - <No delegated authentication providers could be determined based on the
>>>> provided configuration. Either no identity providers are configured, or
>>>> the
>>>> current access strategy rules prohibit CAS from using authentication
>>>> providers>
>>>>
>>>> and the following on the web browser:
>>>>
>>>>
>>>> [image: Screenshot From 2025-03-19 15-40-11.png]
>>>>
>>>> We have each service file set up to call out to a default identity
>>>> provider with the following block in the service json file:
>>>> accessStrategy:
>>>> {
>>>> @class:
>>>> org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
>>>> delegatedAuthenticationPolicy:
>>>> {
>>>> @class:
>>>> org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy
>>>> allowedProviders:
>>>> [
>>>> java.util.ArrayList
>>>> [
>>>> TAMUCC_AAD
>>>> ]
>>>> ]
>>>> permitUndefined: false
>>>> exclusive: true
>>>> }
>>>> }
>>>>
>>>> This works as expected in 7.0 but does not work in 7.1. In 7.0, we are
>>>> automatically directed to the AAD login and after successfully logging in,
>>>> given access to the app. I've compared the json service file formatting
>>>> with what is documented and can't find any issues.
>>>>
>>>> Hopefully someone has some suggestions on what changes we need to make
>>>> to get this working again.
>>>>
>>>> Thanks,
>>>>
>>>> Phil
>>>>
>>>>
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6616d667-5419-48aa-8c0e-5ef5a3191488n%40apereo.org.
