Following the post https://apereo.github.io/2019/02/19/cas61-as-oauth-authz-server/ I configured a CAS server with the OAuth 2.0 protocol (authorization code grant type).
My server configuration (application.yml):
cas:
  server:
    name: https://casoauth.example.org:8443
    prefix: ${cas.server.name}/cas
  authn:
    accept:
      users: casuser::demo
    oauth:
      refreshToken:
        timeToKillInSeconds: 2592000
      code:
        timeToKillInSeconds: 14400
        numberOfUses: 10
      accessToken:
        timeToKillInSeconds: 14400
        maxTimeToLiveInSeconds: 28800
      grants:
        resourceOwner:
          requireServiceHeader: true
      userProfileViewType: FLAT
  ticket:
    tgt:
      maxTimeToLiveInSeconds: 28800
      timeToKillInSeconds: 14400
    st:
      timeToKillInSeconds: 14400
  serviceRegistry:
    json:
      location: classpath:/services
    initFromJson: true
logging:
  config: file:/etc/cas/config/log4j2.xml
  level:
    org:
      apereo:
        cas: DEBUG
The JSON used to register the application:
{
"@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
"clientId": "client1",
"clientSecret": "password1",
"serviceId": "^https://casoauth.example.org:9999/.*",
"name": "OAuthService",
"id": 1000,
"bypassApprovalPrompt": false,
"supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
"supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
}
Application configuration:
debug: true
server:
  port: 9999
  ssl:
    keyStore: file:/etc/cas/thekeystore
    keyStorePassword: changeit
    keyPassword: changeit
security:
  user:
    password: user
  ignored: /,/favicon.ico,/index.html,/home.html,/dashboard.html,/js/**,/css/**,/webjars/**
  sessions: ALWAYS
  oauth2:
    sso:
      loginPath: /dashboard/login
management:
  security:
    role: HERO
logging:
  level:
    org.springframework: INFO
    com.netflix.discovery: 'OFF'
---
spring:
  profiles: cas
security:
  oauth2:
    client:
      clientId: client1
      clientSecret: password1
      accessTokenUri: https://casoauth.example.org:8443/cas/oauth2.0/accessToken
      userAuthorizationUri: https://casoauth.example.org:8443/cas/oauth2.0/authorize
      clientAuthenticationScheme: form
    resource:
      userInfoUri: https://casoauth.example.org:8443/cas/oauth2.0/profile
      preferTokenInfo: false
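After authenticating on the CAS server, I get:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
4 June 2019 17:10:41 CEST
There was an unexpected error (type=Unauthorized, status=401).
Authentication Failed: Could not obtain access token
Any ideas?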
Answer 0 (score: 0)
I ran into this problem. You should add the certificate to the trusted certificates, and the problem will be solved.
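One way to carry out the fix described in the answer, as an added example that is not part of the original answer: export the CAS server certificate, check its fingerprint, and import it into a truststore for the JVM that runs the client application. The alias `cas`, the file names `cas.pem` and `client-truststore.p12`, and the assumption that `/etc/cas/thekeystore` (path and password from the question) holds the CAS server certificate are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: alias "cas",
# files cas.pem and client-truststore.p12.

# Export only the public certificate (PEM) from a keystore, never the key.
export_cert() {  # keystore storepass alias out.pem
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# Print the certificate's SHA-256 fingerprint (colon-separated hex).
cert_fingerprint() {  # cert.pem
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p'
}

# Import the certificate into a truststore, but only if its fingerprint
# equals the value confirmed out of band with the CAS administrator.
trust_cert() {  # cert.pem expected_sha256 truststore storepass alias
    actual=$(cert_fingerprint "$1")
    if [ -z "$actual" ] || [ "$actual" != "$2" ]; then
        echo "refusing to trust $1: fingerprint '$actual' != expected" >&2
        return 1
    fi
    keytool -importcert -noprompt -file "$1" -keystore "$3" -storepass "$4" -alias "$5"
}

# Run as: sh trust-cas.sh apply <expected-sha256-fingerprint>
if [ "${1:-}" = "apply" ]; then
    export_cert /etc/cas/thekeystore changeit cas cas.pem &&
    trust_cert cas.pem "$2" client-truststore.p12 changeit cas &&
    echo "start the client with -Djavax.net.ssl.trustStore=client-truststore.p12" \
         "-Djavax.net.ssl.trustStorePassword=changeit"
fi
```

Setting `javax.net.ssl.trustStore` replaces the JVM's default `cacerts` for that process, so any public CAs the client also needs must be imported into the same file.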