I am using version 5.3 and have configured CAS to delegate authentication to an external OAuth server. My cas.properties is as follows:
cas.authn.pac4j.oauth2[0].clientName=oauth1
cas.authn.pac4j.oauth2[0].id=
cas.authn.pac4j.oauth2[0].secret=
cas.authn.pac4j.oauth2[0].authUrl=https://xxxxxxxxxxx/sso/oauth/controller/Server/action/authorize/
cas.authn.pac4j.oauth2[0].tokenUrl=https://xxxxxxxx/sso/oauth/controller/Server/action/token/
cas.authn.pac4j.oauth2[0].profileUrl=https://xxxxxxxx/sso/oauth/controller/Server/action/profile/?fields=username
cas.authn.pac4j.oauth2[0].principalAttributeId=username
Regarding the service (JSON), this is the configuration:
{
  @class: org.apereo.cas.services.RegexRegisteredService
  serviceId: ID
  name: name
  theme: default
  id: 1
  description: name
  logoutType: FRONT_CHANNEL
  attributeReleasePolicy:
  {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  }
  logoutUrl: https://yyyyyy/logout
  accessStrategy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
    order: 0
    enabled: true
    ssoEnabled: true
    delegatedAuthenticationPolicy:
    {
      "@class": "org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy"
      "allowedProviders" : [ "java.util.ArrayList", [ "oauth1" ] ]
    }
    requireAllAttributes: false
    caseInsensitive: false
  }
}
CAS is able to correctly obtain the information from the OAuth protocol, but when it tries to obtain the Principal, the answer is always:
2019-10-31 14:37:41,070 DEBUG [org.apereo.cas.authentication.DefaultAuthenticationBuilder] - <Recording authentication handler result success under key [ClientAuthenticationHandler]>
2019-10-31 14:37:41,070 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication handler [ClientAuthenticationHandler] successfully authenticated [ClientCredential(typedIdUsed=false, userProfile=#OAuth20Profile# | id: null | attributes: {access_token=8b2eaaa3c8d3d51233df5da4047889c8530a7df4, username=apotheke_alphega} | roles: [] | permissions: [] | isRemembered: false | clientName: oauth1 | linkedId: null |, credentials=#OAuth20Credentials# | code: 5f0d498cfc347b66de544d98ce309d5f1f200716 | accessToken: com.github.scribejava.core.model.OAuth2AccessToken@3b3a98c |, clientName=oauth1)]>
2019-10-31 14:37:41,074 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Configured single-row JDBC attribute repository for [jdbc:mysql://b2bde-uat-db02.mysql.database.azure.com/lr_b2b_core?useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC&useSSL=true]>
2019-10-31 14:37:41,086 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[ClientAuthenticationHandler] is configured to use [ChainingPrincipalResolver(principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@1, chain=[EchoingPrincipalResolver(), PersonDirectoryPrincipalResolver(attributeRepository=org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl@63f2c17b, principalFactory=org.apereo.cas.authentication.principal.DefaultPrincipalFactory@1, returnNullIfNoAttributes=true, principalNameTransformer=org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver$$Lambda$130/1783977388@2488625b, principalAttributeNames=username, useCurrentPrincipalId=true)])] but it does not support [ClientCredential(typedIdUsed=false, userProfile=#OAuth20Profile# | id: null | attributes: {access_token=8b2eaaa3c8d3d51233df5da40478df4, username=user} | roles: [] | permissions: [] | isRemembered: false | clientName: oauth1 | linkedId: null |, credentials=#OAuth20Credentials# | code: 5f0d498cfc347b66de544d98ce30916 | accessToken: com.github.scribejava.core.model.OAuth2AccessToken@3b3a98c |, clientName=oauth1)], which suggests a configuration problem.>
2019-10-31 14:37:41,087 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Principal resolution handled by [$Proxy401] produced a null principal. This is likely due to misconfiguration or missing attributes; CAS will attempt to use the principal produced by the authentication handler, if any.>
2019-10-31 14:37:41,087 WARN [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Principal resolution for authentication by [ClientAuthenticationHandler] produced a null principal.>
2019-10-31 14:37:41,087 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Final principal resolved for this authentication event is [null]>
Can you help me? I am really stuck and cannot find any real examples.
Kind regards