Marcin,
Check pac4j debug logs,
https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html#troubleshooting
...
<Logger name="org.pac4j" level="debug" additivity="false">
<AppenderRef ref="casConsole"/>
<AppenderRef ref="casFile"/>
</Logger>
...
Ray
________________________________
From: cas-user@apereo.org <cas-user@apereo.org> on behalf of Marcin Majcherczyk
<mous...@gmail.com>
Sent: June 11, 2025 06:13
To: CAS Community <cas-user@apereo.org>
Subject: [cas-user] CAS 7.2 OIDC with webflow not working
You don't often get email from mous...@gmail.com. Learn why this is
important<https://aka.ms/LearnAboutSenderIdentification>
Hello Group,
Seems like there was plenty of changes from v6.6 to 7.2 and after upgrade cfg
stopped work. We are using CAS with OpenID via webflow to authinticate users
via AAD Enterprise application.
After upgrade to CAS 7.2 i can see errors:
No delegated authentication providers could be determined based on the provided
configuration.
WARN [org.apereo.cas.authentication.DefaultAuthenticationManager] The resulting
authentication attempt has not recorded any successes or failures.
This typically means that no authentication handler could be found to support
the authentication request or the credential types provided.
The authentication handlers that were examined are: [ProxyAuthenticationHandler]
DEBUG
[org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer]
Initialized context with request parameters [{service=[https://my.website]}]
DEBUG
[org.apereo.cas.support.pac4j.authentication.clients.RefreshableDelegatedIdentityProviders]
The following clients are built: [[]]
similar case was reported here:
https://groups.google.com/a/apereo.org/g/cas-user/c/AOgHVuZ0Qw8/m/uicc-AwOCAAJ
but seems like there is no solution.
Does anybody have working configuration to use auth via Azure OIDC?
In the lab i'm using docker with cas.properties:
CasFeatureModule.Authentication.azuread.enabled=true
CasFeatureModule.DelegatedAuthentication.enabled=true
CasFeatureModule.DelegatedAuthentication.dynamic-discovery.enabled=true
cas.server.name=https://192.168.1.83:8444
cas.server.prefix=${cas.server.name}/cas
#logging.config=file:/etc/cas/config/log4j2.xml
server.ssl.enabled=true
server.ssl.key-store=file:/etc/cas/cas-keystore.p12
server.ssl.key-store-password=changeit
server.ssl.key-password=changeit
server.ssl.key-store-type=PKCS12
server.ssl.key-alias=cas
cas.authn.pac4j.oidc[0].azure.id={ID}
cas.authn.pac4j.oidc[0].azure.secret={SECRET}
cas.authn.pac4j.oidc[0].azure.discovery-uri=https://login.microsoftonline.com/{cut}/v2.0/.well-known/openid-configuration
cas.authn.pac4j.oidc[0].azure.auto-redirect-type=SERVER
cas.authn.pac4j.oidc[0].azure.client-name=USOSCAS
cas.authn.pac4j.oidc[0].azure.enabled=true
cas.authn.pac4j.oidc[0].azure.principal-id-attribute=email
cas.authn.pac4j.oidc[0].azure.scope=openid,profile,email
cas.authn.pac4j.oidc[0].azure.tenant={TENANT}
but unfortunately this config does not redirect to MS login page.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/9c012fa9-20d8-4fdb-a2cb-7831f8d1d685n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/9c012fa9-20d8-4fdb-a2cb-7831f8d1d685n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081B00E26399D02D0CCD8C3CE75A%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
