将SSO与委派的Google身份验证一起使用时遇到麻烦。
我有两个站点A和B使用Cas服务器作为SSO服务
2019-07-03 00:28:24,630错误 [org.apereo.cas.authentication.PolicyBasedAuthenticationManager]- 身份验证失败。凭据可能不正确或CAS无法 查找支持的身份验证处理程序 [ClientCredential(credentials = null,clientName = Google, 类型为[ClientCredential]的typedIdUsed = true,userProfile = null)。 检查配置以确保身份验证方法是 在DEBUG级别定义和分析CAS日志以跟踪 验证事件。
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"clientId": "69438529176-ghio8mpe9c10oia1b5qbm1vdbe0sci95.apps.googleusercontent.com",
"clientSecret": "tihWWJ6zKIuvYSgl4Fk36w1g",
"serviceId" : "^http://127.0.0.1:8000/.*",
"name" : "Rating service",
"id" : 1994,
"allowedToProxy":true,
"enabled":true,
"ssoEnabled":true,
"anonymousAccess":false,
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "username", "name", "given_name", "family_name", "email", "access_token", "picture"] ],
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : true
},
"accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"delegatedAuthenticationPolicy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
"allowedProviders" : [ "java.util.ArrayList", [ "Google" ] ]
},
"enabled" : true,
"ssoEnabled" : true,
"permitUndefined": true,
"exclusive": true
},
"publicKey" : {
"@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
"location" : "classpath:public.key",
"algorithm" : "RSA"
}
}
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"clientId": "69438529176-ghio8mpe9c10oia1b5qbm1vdbe0sci95.apps.googleusercontent.com",
"clientSecret": "tihWWJ6zKIuvYSgl4Fk36w1g",
"serviceId" : "^http://ratingservice.com/.*",
"name" : "Rating service",
"allowedToProxy":true,
"enabled":true,
"ssoEnabled":true,
"anonymousAccess":false,
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"id" : 100,
"attributeReleasePolicy" : {
"@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
"allowedAttributes" : [ "java.util.ArrayList", [ "username", "name", "given_name", "family_name", "email", "access_token", "picture"] ],
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : true
},
"accessStrategy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"delegatedAuthenticationPolicy" : {
"@class" : "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy",
"allowedProviders" : [ "java.util.ArrayList", [ "Google" ] ]
},
"enabled" : true,
"ssoEnabled" : true,
"permitUndefined": true,
"exclusive": true
},
"publicKey" : {
"@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl",
"location" : "classpath:public.key",
"algorithm" : "RSA"
}
}
cas.server.name: https://cas.topica.asia:8443
cas.server.prefix=${cas.server.name}/cas
logging.config: file:/etc/cas/config/log4j2.xml
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.json.location:file:etc/cas/services
cas.sso.proxyAuthnEnabled=true
cas.sso.renewAuthnEnabled=true
cas.authn.pac4j.name=pac4j
cas.authn.pac4j.google.id=780031468524-kj5cgs4eo0iqif079kdo350q5h7viftg.apps.googleusercontent.com
cas.authn.pac4j.google.secret=fN5dob1bG0CJZHgQk7tJEEi2
cas.authn.pac4j.google.clientName=Google
cas.authn.pac4j.google.autoRedirect=false
cas.authn.pac4j.google.scope=EMAIL_AND_PROFILE
cas.authn.pac4j.typedIdUsed=true
cas.authn.pac4j.principalAttributeId=
cas.logout.followServiceRedirects=true
logging.level.org.apereo.cas=DEBUG
cas.authn.mfa.globalFailureMode=NONE
cas.authn.accept.users=casuser::Mellon
cas.authn.accept.name=Static Credentials
请帮助我,我已经在这个问题上停留了一个月。 对不起,我的英语不好:(