Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • May 19 13:36

    mmoayyed on master

    minor formatting fixes add tests for uma authorization update spring boot (compare)

  • May 17 15:48

    mmoayyed on master

    add tests for uma policy mgmt skip oauth/oidc service extract… update release notes; minor for… and 1 more (compare)

  • May 17 04:06

    mmoayyed on master

    display attribute consent recor… add tests for oauth uma resourc… documentation updates and 2 more (compare)

  • May 16 15:25

    mmoayyed on 6.5.x

    Update tomcat (compare)

  • May 15 13:29

    mmoayyed on 6.5.x

    fix: attribute encoder fails wi… (compare)

  • May 15 13:28

    mmoayyed on master

    fix build support webauthn devices for ac… deprecate digest and fortress m… and 4 more (compare)

  • May 13 16:15

    mmoayyed on 6.5.x

    Fix null issuer for JWS/JWE on … (compare)

  • May 13 16:15
    mmoayyed closed #5467
  • May 13 16:02

    mmoayyed on master

    use proper beans for attribute … minor formatting fixes fix issue with attribute encodi… (compare)

  • May 13 15:05

    mmoayyed on 6.5.x

    fix issue with attribute encodi… (compare)

  • May 13 12:12

    mmoayyed on master

    move registered service fields … allow saml2 sign responses to b… support rest-based policy for p… and 4 more (compare)

  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:47
    apereocas-bot milestoned #5467
  • May 13 09:47
    apereocas-bot labeled #5467
  • May 13 09:46
    apereocas-bot labeled #5467
  • May 13 09:46
    leleuj commented #5464
  • May 13 09:46
    leleuj opened #5467
  • May 13 08:21
    mmoayyed commented #5464
  • May 13 07:24
    leleuj commented #5464
Palmurugan
@palmuruganchandran
Hi Team, I am trying to generate JWT token using 6.6.X gradle overlay. I did all the configuration mentioned in the documentation.

JWT Token Details

cas.authn.token.crypto.encryption-enabled=true
cas.authn.token.crypto.signing-enabled=true

cas.authn.token.crypto.encryption.key=tfvWcDVrxhIX7_d9mfLBXfRAmRZawFSPxwkXQtFwtuU
cas.authn.token.crypto.signing.key=qQhJicEW7P019WYG1VuJz8X8SowI2nXhbTIPNeFs5iTZ8hg6CLt1wB7e3vHC_oMJRE_am4x41In_y5IV9j_unQ

But still its not generating the JWT token. I am getting ST Token only.
Can anyone please guide me.
I am getting the below log
2022-04-12 22:45:39,203 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will attempt to produce plain objects>
@billjojo
billjojo
@billjojo

@palmuruganchandran Looks like cas.authn.token.crypto.signing.key-size=512 cas.authn.token.crypto.encryption.key-size=512 are the defaults.

You can run wget https://raw.githubusercontent.com/apereo/cas/master/etc/jwk-gen.jar

Then java -jar jwk-gen.jar -t oct -s 512 | grep k.: | cut -f4 -d\" for each.

Palmurugan
@palmuruganchandran
@billjojo I have generated both and updated properties but still I am not getting the JWT token. Kindly help me
cas.authn.token.crypto.encryption.key=urcOPA6okI_UPhUdr7mDmzgl2BTan55Qmqh0n5tZNgsGTxv-6XKGqc-6r9z2ogS8VORHrH6Om9ZJLyVD5Pnz8Q
cas.authn.token.crypto.signing.key=gKAejbstj8HuELbfwampu9zOT6lyd-Jm5Ylj33yESnsnT5WwwEi3240BY5RnqtjMcWdVtiUYoA4l9-EKi7KnNg
2022-04-13 07:12:49,953 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will only attempt to produce signed objects>
2022-04-13 07:12:49,953 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceJwtTicketCipherExecutor] will attempt to produce plain objects>
Palmurugan
@palmuruganchandran
cas.authn.token.principal-transformation.groovy.location=
is this property mandatory, if it so what value I have to provide
billjojo
@billjojo
@palmuruganchandran Have you tested this with 6.5.2 or 6.4.6.2? As 6.6 is RC1, I am wondering if this may be a bug. Unless the docs are incorrect, encryption and signing are on by default and the order is ENCRYPT_AND_SIGN. You may want to turn on debugging in the log to see if there is another clue to be found.
Palmurugan
@palmuruganchandran
@billjojo Thank you, I just tried the same with 6.5.2. Its working as expected.
Palmurugan
@palmuruganchandran
@billjojo I am integrating oAuth now. As part of that I have added the dependency and created service. Now I am able to get the code but not able to get the accessToken. I am getting below error.
2022-04-15 19:37:43,380 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Access token request is not supported>
java.lang.UnsupportedOperationException: Access token request is not supported
My Service
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "clientid",
"clientSecret": "clientSecret",
"serviceId" : "^(https|imaps)://cas-client.com/.*",
"name" : "oauthservice",
"id" : 1,
"bypassApprovalPrompt": true
}
Kindly help me
Palmurugan
@palmuruganchandran
@billjojo Kindly advice me what I have to do for the above error
jojowil
@jojowil
@palmuruganchandran I was on holiday. OAuth is not my area of expertise, but I would say your config is incomplete. Please see the service properties and sample configs near the bottom of https://apereo.github.io/cas/6.5.x/authentication/OAuth-Authentication-TokenExpirationPolicy.html
Palmurugan
@palmuruganchandran
Thank you @jojowil I ll try the same.
TimPionnier
@TimPionnier
Hi, did anyone manage to implement fido webauthn with cas 6.5. I am new with cas and kinda struggling
TimPionnier
@TimPionnier
Actually, to be more precise, I am trying to understand how to fill these requirements: cas.authn.mfa.web-authn.core.application-id , cas.authn.mfa.web-authn.core.relying-party-id
SpaceFox
@SpaceFox

Hy everyone,
I try to run Spring Boot "integration tests" on an Apereo CAS overlay.
I have this test class with JUnit 5 and CAS 6.5.x:

@ExtendWith(SpringExtension.class)
@ActiveProfiles({"test"})
@SpringBootTest(webEnvironment =  SpringBootTest.WebEnvironment.RANDOM_PORT,
                classes = {
                        MyConfigurationClasses.class
                })
class RunTest {

    @Test
    public void run() {
        // Test the starting of SpringBoot application
    }
}

My application works fine when launched by hand with the "test" profile, but in the test context, I only got a Unable to start ServletWebServerApplicationContext due to missing ServletWebServerFactory bean. exception.
If someone has any idea of why this error?

mijutu
@mijutu:ellipsis.fi
[m]
I'm logging in with mfa: first ldap then gauth. But there is only GoogleAuthenticatorAuthenticationHandler in <cas:successfulAuthenticationHandlers> and no LdapAuthenticationHandler. Is there some setting I could change to get LdapAuthenticationHandler there too or is this a bug?
Palmurugan
@palmuruganchandran
Hi I configured oAuth related configuration that you mentioned @jojowil But still I am getting the below exception. Please help me

============= OAuth ==================================

cas.authn.oauth.access-token.crypto.encryption.key=92KEd0m4i9q0DjT8BoYRcN3MDjhhM4QSB6qR0elMhdVoKk4_RMW9jterIIVehJmoo5RMp5wbZtwyz7iHOtfFxw
cas.authn.oauth.access-token.crypto.signing.key=ucoR35oNkUPQzCmlmjFsqsdj2JRXrdjZKd58_a7LlFALIOn2ku8wL9ufdvkR9rkF4fG1J9ym_uH6aU53g_MqBQ
cas.authn.oauth.crypto.encryption.key=TSQouPQPwnOcEIbsWJ8ETWujJQy_SnEaOjGJ544UPVRl36fzu6AH0JjsUkHNWADfIUFli5hZ2uqy7uYvvByQTQ
cas.authn.oauth.crypto.signing.key=9yJv_k8A_AuJEjHtWb01GIuWenKPP4hG76mZLy4HL2ojhdEWN0EFlHws2Ms0fCtrqLP9bBc3TSQMOeOqkcilRg

cas.authn.oauth.code.number-of-uses=1
cas.authn.oauth.code.remove-related-access-tokens=false
cas.authn.oauth.code.storage-name=oauthCodesCache
cas.authn.oauth.code.time-to-kill-in-seconds=30

cas.authn.oauth.access-token.crypto.enabled=false
cas.authn.oauth.access-token.crypto.signing-enabled=false
cas.authn.oauth.access-token.crypto.encryption-enabled=false

======================================================

2022-04-28 22:11:58,625 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Access token request is not supported>
java.lang.UnsupportedOperationException: Access token request is not supported
at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.lambda$verifyAccessTokenRequest$2(OAuth20AccessTokenEndpointController.java:187) ~[cas-server-support-oauth-core-api-6.5.3.jar!/:6.5.3]
2022-04-28 22:11:58,625 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Access token request is not supported> java.lang.UnsupportedOperationException: Access token request is not supported at org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController.lambda$verifyAccessTokenRequest$2(OAuth20AccessTokenEndpointController.java:187) ~[cas-server-support-oauth-core-api-6.5.3.jar!/:6.5.3]
Palmurugan
@palmuruganchandran
{
"grant_type": "authorization_code",
"client_id": "clientid",
"client_secret": "clientSecret",
"code": "OC-1-2hshFPar2So9iu91ke504xq69vK-5MzQ",
"redirect_uri": "https://cas-client.com/intermediate"
}
https://cas.example.org:8443/cas/oauth2.0/accessToken
This is the request information
POST call
Robin Dupret
@rdupret_gitlab

Hello everyone,

I'm struggling to set up CAS proxy for an application.

IIUC, the pgtUrl passed is called by the CAS server and should provide the pgtId and pgtIou parameters. The URL is properly called but neither param is passed.

I'm running CAS version 4 and my application is allowed to be a proxy in the CAS management application.

Can anyone help me please ?

1 reply
JN
@jnbdz

Hi all!
I am new to CAS I am having some issues.
I posted a question on Stackoverflow: https://stackoverflow.com/questions/72131500/unable-to-use-default-username-password-and-make-jsonresourcepassword-json-work

I am trying to follow the tutorial of: https://www.baeldung.com/spring-security-cas-sso

But it seems a bit out of date.

Does anyone have a few minutes to help me out?

Thank you!

2 replies
dhanesh238
@dhanesh238

Hi all

I am using CAS 6.4.6 version. Have noticed that the authentication process is getting called twice because of which it is taking longer time compared to the behaviour in 6.3.x version.

On checking the code, noticed that from DefaultRestAuthenticationService.java, it is calling handleInitialAuthenticationTransaction( ) method twice once directly and other via finalizeAuthenticationTransaction( ).

Can you let us know if it is expected behaviour or an issue?

1 reply
ohinckel
@ohinckel
Hi, we configured some services required MFA when authenticate against these services. While this works for CAS applications, it doesn't work for SAML application. In this case MFA is not triggered when the user authenticates earlier against a non-MFA application. Even when logging in without a service/application (which does not trigger MFA at all) and then logging into a MFA application, MFA is not triggered and user is directly redirected back to the application. We're using CAS 6.3.6 - this this intended behavior?
The log shows an authentication or services is required, but not available in the case of SAML applications:
[org.apereo.cas.authentication.mfa.trigger.RegisteredServiceMultifactorAuthenticationTrigger] - No service or authentication is available to determine event for principal
mwbi
@mwbi

Hey, can someone point me to a solution to solve this problem :

2022-05-18 16:30:15,542 ERROR [org.springframework.boot.SpringApplication] - <Application run failed>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'casWebflowExecutionPlan' defined in class path resource [org/apereo/cas/web/flow/config/CasWebflowContextConfiguration$CasWebflowExecutionConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.web.flow.CasWebflowExecutionPlan]: Factory method 'casWebflowExecutionPlan' threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationThrottlingExecutionPlan' defined in class path resource [org/apereo/cas/config/CasThrottlingConfiguration$CasThrottlingPlanExecutionConfiguration.class]: Unsatisfied dependency expressed through method 'authenticationThrottlingExecutionPlan' parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationThrottlingExecutionPlanConfigurer' defined in class path resource [org/apereo/cas/config/CasThrottlingConfiguration$CasThrottlingPlanConfiguration.class]: Unsatisfied dependency expressed through method 'authenticationThrottlingExecutionPlanConfigurer' parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationThrottle' defined in class path resource [org/apereo/cas/config/CasThrottlingConfiguration$CasThrottlingInterceptorConfiguration.class]: Unsatisfied dependency expressed through method 'authenticationThrottle' parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'authenticationThrottlingConfigurationContext' defined in class path resource [org/apereo/cas/config/CasThrottlingConfiguration$CasThrottlingContextConfiguration.class]: Unsatisfied dependency expressed through method 'authenticationThrottlingConfigurationContext' parameter 4; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'throttledRequestExecutor' defined in class path resource [org/apereo/cas/config/CasBucket4jThrottlingConfiguration.class]: Unsatisfied dependency expressed through method 'throttledRequestExecutor' parameter 0; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'bucket4jThrottledRequestConsumer' defined in class path resource [org/apereo/cas/config/CasBucket4jThrottlingConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.bucket4j.consumer.BucketConsumer]: Factory method 'bucket4jThrottledRequestConsumer' threw exception; nested exception is java.lang.IllegalArgumentException: At list one limited bandwidth should be specified
at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.19.jar:5.3.19]
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638) ~[spring-beans-5.3.19.jar:5.3.19]

is there a sample configuration for cas.properties
mwbi
@mwbi
what is the correct setting for cas.authn.throttle.bucket4j.bandwidth=
stourwalk-work
@stourwalk-work
Has anyone been able to enable CORS successfully for the actuator endpoints (info/health/metrics etc). The documentation describes how to do it, but nothing seems to make it work (and I can't even find where in the code it attempts to enable it for those endpoints)
We're using 6.5 (but had the same problem with 6.4 fwiw)
Alizee-Me
@Alizee-Me

Hello, I'm trying to implement the validation of user by using a rest API, everything seems to working well, and the test was working well in 6.3, but now I've upgrade the version of apereo to 6.5.4 and the authentication is't not working anymore, there is this message in the console :
2022-05-19 09:14:45,946 ERROR [org.apereo.cas.adaptors.rest.RestAuthenticationHandler] - <Could not resolve subtype of [map type; class java.util.Map, [simple type, class java.lang.String] -> [collection type; class jav a.util.List, contains [simple type, class java.lang.Object]]]: missing type id property '@class' (for POJO property 'attributes') cas-portal | at [Source: (String)"{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"casuser","attributes":{}}"; line: 1, column: 98] (through reference chain: org.apereo.cas.authentication.principal.SimplePrincipal["attributes"])>
Did anybody have an idea to fix this issue ?
Thanks :)

If needed here is my simple code to test the rest authentication :
$test = '{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"casuser","attributes":{}}'; return new JsonResponse($test, 200, array('Content-Type' => 'application/json'), true);

Palmurugan
@palmuruganchandran
Hi is there any way to check the active users in the mongoDB authentication. I am using CAS 6.4.3
vbryandc
@vbryandc
Hello, does anyone have a detailed manual on how to start CAS in my local environment?
2 replies
Alizee-Me
@Alizee-Me

Hello, I'm trying to implement the validation of user by using a rest API, everything seems to working well, and the test was working well in 6.3, but now I've upgrade the version of apereo to 6.5.4 and the authentication is't not working anymore, there is this message in the console :
2022-05-19 09:14:45,946 ERROR [org.apereo.cas.adaptors.rest.RestAuthenticationHandler] - <Could not resolve subtype of [map type; class java.util.Map, [simple type, class java.lang.String] -> [collection type; class jav a.util.List, contains [simple type, class java.lang.Object]]]: missing type id property '@class' (for POJO property 'attributes') cas-portal | at [Source: (String)"{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"casuser","attributes":{}}"; line: 1, column: 98] (through reference chain: org.apereo.cas.authentication.principal.SimplePrincipal["attributes"])>
Did anybody have an idea to fix this issue ?
Thanks :)

If needed here is my simple code to test the rest authentication :
$test = '{"@class":"org.apereo.cas.authentication.principal.SimplePrincipal","id":"casuser","attributes":{}}'; return new JsonResponse($test, 200, array('Content-Type' => 'application/json'), true);

I've found the solution, I removed ","attributes":{}" from my response and It's working now.
PS: I've followed this doc https://apereo.github.io/cas/6.5.x/authentication/Rest-Authentication.html and I didn't notice that an empty attributes will make it failed ^^'
PS2: The search bar of 6.5 version is only broken for me ?

Thanks ;)

vbryandc
@vbryandc

Can someone help me with this error:
>
2022-05-19 14:48:35,685 DEBUG [org.springframework.security.web.FilterChainProxy] - <Securing GET /oidc/accessToken?grant_type=client_credentials&client_id=client&client_secret=secret&scope=profile+app>
2022-05-19 14:48:35,685 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <Set SecurityContextHolder to empty SecurityContext>
2022-05-19 14:48:35,685 DEBUG [org.springframework.security.web.authentication.AnonymousAuthenticationFilter] - <Set SecurityContextHolder to anonymous SecurityContext>
2022-05-19 14:48:35,685 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] - <Authorized public object filter invocation [GET /oidc/accessToken?grant_type=client_credentials&client_id=client&client_secret=secret&scope=profile+app]>
2022-05-19 14:48:35,685 DEBUG [org.springframework.security.web.FilterChainProxy] - <Secured GET /oidc/accessToken?grant_type=client_credentials&client_id=client&client_secret=secret&scope=profile+app>
2022-05-19 14:48:35,687 DEBUG [org.apereo.cas.support.oauth.validator.token.BaseOAuth20TokenRequestValidator] - <Grant type received: [client_credentials]>
2022-05-19 14:48:35,687 WARN [org.apereo.cas.support.oauth.validator.token.BaseOAuth20TokenRequestValidator] - <Could not locate authenticated profile for this request. Request is not authenticated>
2022-05-19 14:48:35,687 ERROR [org.apereo.cas.support.oauth.web.endpoints.OAuth20AccessTokenEndpointController] - <Access token validation failed>
2022-05-19 14:48:35,688 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <Did not store anonymous SecurityContext>
2022-05-19 14:48:35,689 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository] - <Did not store anonymous SecurityContext>
2022-05-19 14:48:35,689 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter] - <Cleared SecurityContextHolder to complete request>

#########################################33

Testing from postman shows me this:
URL: https://localhost:8443/cas/oidc/accessToken?grant_type=client_credentials&client_id=client&client_secret=secret&scope=profile+app

{

"error": "invalid_grant"

}