It looks like pac4j is not available in docker image of CAS. It's possible to load it with parameter? I don't see any parameters in description: https://apereo.github.io/cas/7.2.x/installation/Docker-Installation.html I've managed to generate cas.war with help of https://getcas.apereo.org/ui and i've selected pac4j library to add and it partially worked out - redirecting to Entra and auth succeeded.
środa, 11 czerwca 2025 o 17:11:22 UTC+2 Ray Bon napisał(a): > Marcin, > > Check pac4j debug logs, > https://apereo.github.io/cas/7.2.x/integration/Delegate-Authentication.html#troubleshooting > > ... > <Logger name="org.pac4j" level="debug" additivity="false"> > <AppenderRef ref="casConsole"/> > <AppenderRef ref="casFile"/> > </Logger> > ... > > Ray > ------------------------------ > *From:* cas-...@apereo.org <cas-...@apereo.org> on behalf of Marcin > Majcherczyk <mou...@gmail.com> > *Sent:* June 11, 2025 06:13 > *To:* CAS Community <cas-...@apereo.org> > *Subject:* [cas-user] CAS 7.2 OIDC with webflow not working > > You don't often get email from mou...@gmail.com. Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification> > Hello Group, > > Seems like there was plenty of changes from v6.6 to 7.2 and after upgrade > cfg stopped work. We are using CAS with OpenID via webflow to authinticate > users via AAD Enterprise application. > After upgrade to CAS 7.2 i can see errors: > > *No delegated authentication providers could be determined based on the > provided configuration. * > > > > *WARN [org.apereo.cas.authentication.DefaultAuthenticationManager] The > resulting authentication attempt has not recorded any successes or > failures. This typically means that no authentication handler could be > found to support the authentication request or the credential types > provided. The authentication handlers that were examined are: > [ProxyAuthenticationHandler]* > > > *DEBUG > [org.apereo.cas.web.flow.DefaultDelegatedClientIdentityProviderConfigurationProducer] > > Initialized context with request parameters [{service=[https://my.website > <https://my.website>]}] DEBUG > [org.apereo.cas.support.pac4j.authentication.clients.RefreshableDelegatedIdentityProviders] > > The following clients are built: [[]]* > > similar case was reported here: > https://groups.google.com/a/apereo.org/g/cas-user/c/AOgHVuZ0Qw8/m/uicc-AwOCAAJ > > but seems like there is no solution. > > Does anybody have working configuration to use auth via Azure OIDC? > > In the lab i'm using docker with cas.properties: > CasFeatureModule.Authentication.azuread.enabled=true > CasFeatureModule.DelegatedAuthentication.enabled=true > CasFeatureModule.DelegatedAuthentication.dynamic-discovery.enabled=true > > cas.server.name=https://192.168.1.83:8444 > cas.server.prefix=${cas.server.name}/cas > > #logging.config=file:/etc/cas/config/log4j2.xml > > server.ssl.enabled=true > server.ssl.key-store=file:/etc/cas/cas-keystore.p12 > server.ssl.key-store-password=changeit > server.ssl.key-password=changeit > server.ssl.key-store-type=PKCS12 > server.ssl.key-alias=cas > > cas.authn.pac4j.oidc[0].azure.id={ID} > cas.authn.pac4j.oidc[0].azure.secret={SECRET} > cas.authn.pac4j.oidc[0].azure.discovery-uri= > https://login.microsoftonline.com/{cut} > /v2.0/.well-known/openid-configuration > cas.authn.pac4j.oidc[0].azure.auto-redirect-type=SERVER > cas.authn.pac4j.oidc[0].azure.client-name=USOSCAS > cas.authn.pac4j.oidc[0].azure.enabled=true > cas.authn.pac4j.oidc[0].azure.principal-id-attribute=email > cas.authn.pac4j.oidc[0].azure.scope=openid,profile,email > cas.authn.pac4j.oidc[0].azure.tenant={TENANT} > > but unfortunately this config does not redirect to MS login page. > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/9c012fa9-20d8-4fdb-a2cb-7831f8d1d685n%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/9c012fa9-20d8-4fdb-a2cb-7831f8d1d685n%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/551795e7-c5c0-4a96-b9ad-f2ad897c7e1dn%40apereo.org.
