Hello Group,

Seems like there were plenty of changes from v6.6 to 7.2, and after the upgrade 
the cfg stopped working. We are using CAS with OpenID via webflow to authenticate 
users via an AAD Enterprise application.
After the upgrade to CAS 7.2 I can see errors:

*No delegated authentication providers could be determined based on the 
provided configuration.*



*WARN [org.apereo.cas.authentication.DefaultAuthenticationManager] The 
resulting authentication attempt has not recorded any successes or 
failures. This typically means that no authentication handler could be 
found to support the authentication request or the credential types 
provided. The authentication handlers that were examined are: 
[ProxyAuthenticationHandler]*


*DEBUG [org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer] Initialized context with request parameters [{service=[https://my.website]}]*

*DEBUG [org.apereo.cas.support.pac4j.authentication.clients.RefreshableDelegatedIdentityProviders] The following clients are built: [[]]*

A similar case was reported here: 
https://groups.google.com/a/apereo.org/g/cas-user/c/AOgHVuZ0Qw8/m/uicc-AwOCAAJ 
but it seems like there is no solution.

Does anybody have a working configuration to use auth via Azure OIDC?

In the lab I'm using Docker with cas.properties:
CasFeatureModule.Authentication.azuread.enabled=true
CasFeatureModule.DelegatedAuthentication.enabled=true
CasFeatureModule.DelegatedAuthentication.dynamic-discovery.enabled=true

cas.server.name=https://192.168.1.83:8444
cas.server.prefix=${cas.server.name}/cas

#logging.config=file:/etc/cas/config/log4j2.xml

server.ssl.enabled=true
server.ssl.key-store=file:/etc/cas/cas-keystore.p12
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=cas

cas.authn.pac4j.oidc[0].azure.id={ID}
cas.authn.pac4j.oidc[0].azure.secret={SECRET}
cas.authn.pac4j.oidc[0].azure.discovery-uri=https://login.microsoftonline.com/{cut}/v2.0/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].azure.auto-redirect-type=SERVER
cas.authn.pac4j.oidc[0].azure.client-name=USOSCAS
cas.authn.pac4j.oidc[0].azure.enabled=true
cas.authn.pac4j.oidc[0].azure.principal-id-attribute=email
cas.authn.pac4j.oidc[0].azure.scope=openid,profile,email
cas.authn.pac4j.oidc[0].azure.tenant={TENANT}

but unfortunately this config does not redirect to the MS login page.
