AnsweredAssumed Answered

CAS SSO for ADF using ACS

Question asked by rsocorro on Sep 18, 2018

Hello adf community,

 

I'm using ADF 2.4.0, ACS 2.4.0, Apereo CAS 5.2.4, and Tomcat 7

 

My ADF is using ACS and running on a Tomcat7 server, I wanted to implement CAS as my SSO.

 

I'm using the SSO Login - Implicit flow from the login component documentation, configured my app.config.json, build my app, put the /dist folder in Tomcat. I can access the https://localhost/dist, then I select the login button, sign in sso screen appears, and then it redirects me to the CAS Login page, entered my credentials, (grant access.png) appears, and when I allow it, its redirecting me back to the adf screen, and when I try to access the document library, its redirecting me to the sign in sso screen again.

 

my app.config.json file

{
    "$schema": "../node_modules/@alfresco/adf-core/app.config.schema.json",
    "ecmHost": "http://{hostname}{:port}",
    "bpmHost": "http://{hostname}{:port}",
    "providers" : "ECM",
    "authType" :"OAUTH",
    "oauth2": {
      "host": "https://localhost/cas/oidc",
      "clientId": "clientid",
      "scope": "openid profile",
      "secret": "clientSecret",
      "implicitFlow": true,
      "silentLogin": false,
      "redirectUri": "/dist",
      "redirectUriLogout": "/logout"
    },
    "application": {
        "name": "Alfresco ADF Appplication"
    }
}

 

my hubnet_client-00015.json (CAS service)

{
  "@class" : "org.apereo.cas.services.OidcRegisteredService",
  "clientId": "clientid",
  "clientSecret": "clientSecret",
  "serviceId" : "^https://localhost/dist",
  "name" : "hubnet_client",
  "id" : "00015",
  "attributeReleasePolicy": {
      "@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "scopes": [ "java.util.HashSet", [ "profile"]]
}

 

and my tomcat logs

2018-09-18 21:14:51,470 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Configuration files found at [/etc/cas/config] are [[/etc/cas/config/application.properties, /etc/cas/config/application.yml, /etc/cas/config/cas.properties]]>
2018-09-18 21:14:51,500 INFO [org.apereo.cas.configuration.config.CasCoreBootstrapStandaloneConfiguration] - <Found and loaded [124] setting(s) from [/etc/cas/config]>
2018-09-18 21:14:51,501 INFO [org.springframework.cloud.bootstrap.config.PropertySourceBootstrapConfiguration] - <Located property source: PropertiesPropertySource {name='standaloneCasConfigService'}>
2018-09-18 21:14:54,307 WARN [org.apereo.cas.config.CasCoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST upon container restarts. This MAY impact SSO functionality.>
tail: unrecognized file system type 0x794c7630 for '/var/log/tomcat7/catalina.out'. please report this to bug-coreutils@gnu.org. reverting to polling
2018-09-18 21:14:59,578 WARN [org.apereo.cas.support.pac4j.config.support.authentication.Pac4jAuthenticationEventExecutionPlanConfiguration] - <No delegated authentication clients are defined/configured>
2018-09-18 21:15:05,487 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Found OpenID Connect scope [email] to filter attributes>
2018-09-18 21:15:05,487 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Found OpenID Connect scope [profile] to filter attributes>
2018-09-18 21:15:05,487 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Found OpenID Connect scope [phone] to filter attributes>
2018-09-18 21:15:05,488 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Found OpenID Connect scope [address] to filter attributes>
2018-09-18 21:15:05,488 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <OpenID Connect scope [custom] is not configured for use and will be ignored>
2018-09-18 21:15:05,491 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Configuring attributes release policies for user-defined scopes [[org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy@55889c1b[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@5acb3a8a[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@5e2731f2[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[cn, givenName, photos, customAttribute2],supportedClaims=[],scopeName=scope2], org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy@7865e851[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@691cdb02[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@6a00b3c1[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[cn, givenName, photos, customAttribute],supportedClaims=[],scopeName=scope1]]]>
2018-09-18 21:15:05,876 DEBUG [org.apereo.cas.oidc.jwks.OidcJsonWebKeystoreGeneratorService] - <Located JSON web keystore at [/etc/cas/keystore.jwks]>
2018-09-18 21:15:12,242 ERROR [org.apache.jasper.EmbeddedServletOptions] - <The scratchDir you specified: /usr/share/tomcat7/work/Catalina/localhost/cas is unusable.>
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deployment of web application archive /var/lib/tomcat7/webapps/cas.war has finished in 32,437 ms
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/manager
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Sep 18, 2018 9:15:12 PM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified: /usr/share/tomcat7/work/Catalina/localhost/manager is unusable.
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /var/lib/tomcat7/webapps/manager has finished in 276 ms
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/host-manager
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Sep 18, 2018 9:15:12 PM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified: /usr/share/tomcat7/work/Catalina/localhost/host-manager is unusable.
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /var/lib/tomcat7/webapps/host-manager has finished in 146 ms
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/dist
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Sep 18, 2018 9:15:12 PM org.apache.jasper.EmbeddedServletOptions <init>
SEVERE: The scratchDir you specified: /usr/share/tomcat7/work/Catalina/localhost/dist is unusable.
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /var/lib/tomcat7/webapps/dist has finished in 147 ms
Sep 18, 2018 9:15:12 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Sep 18, 2018 9:15:12 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Sep 18, 2018 9:15:12 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 33152 ms
2018-09-18 21:15:26,154 DEBUG [org.apereo.cas.oidc.web.OidcCasClientRedirectActionBuilder] - <Final redirect action is [#RedirectAction# | type: REDIRECT | location: https://localhost/cas/login?service=https%3A%2F%2Flocalhost%2Fcas%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient%26client_id%3Dclientid%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%252Fdist%26response_type%3Did_token%2Btoken | content: null |]>
2018-09-18 21:15:26,267 INFO [org.apereo.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: [/cas/] >
2018-09-18 21:15:26,335 WARN [org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] - <No clients could be determined based on the provided configuration>
2018-09-18 21:15:26,353 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue Sep 18 21:15:26 UTC 2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Sep 18 21:15:26 UTC 2018
CLIENT IP ADDRESS: 172.17.0.1
SERVER IP ADDRESS: 172.17.0.5
=============================================================

 

>
2018-09-18 21:15:27,246 DEBUG [org.apereo.cas.oidc.profile.OidcRegisteredServicePreProcessorEventListener] - <Attempting to reconcile scopes and attributes for service [^https://localhost/dist] of type [OidcRegisteredService]>
2018-09-18 21:15:27,247 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Reconciling OpenId Connect scopes and claims for [^https://localhost/dist]>
2018-09-18 21:15:27,254 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Reviewing scope [profile] for [^https://localhost/dist]>
2018-09-18 21:15:27,255 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Mapped [profile] to attribute release policy [OidcProfileScopeAttributeReleasePolicy]>
2018-09-18 21:15:27,256 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Scope/claim reconciliation for service [^https://localhost/dist] resulted in the following attribute release policy [org.apereo.cas.services.ChainingAttributeReleasePolicy@4c4a97cb[policies=[org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy@54df510d[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@23d1e61a[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@3a88b178[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at],supportedClaims=[],scopeName=profile]]]]>
2018-09-18 21:15:27,258 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <No changes detected in service [15] after scope/claim reconciliation>
2018-09-18 21:15:38,733 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: rsocorro@massey.ac.nz
WHAT: Supplied credentials: [rsocorro@massey.ac.nz]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Sep 18 21:15:38 UTC 2018
CLIENT IP ADDRESS: 172.17.0.1
SERVER IP ADDRESS: 172.17.0.5
=============================================================

 

>
2018-09-18 21:15:38,859 DEBUG [org.apereo.cas.oidc.web.flow.OidcAuthenticationContextWebflowEventEventResolver] - <No ACR provided in the authentication request>
2018-09-18 21:15:38,885 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: rsocorro@massey.ac.nz
WHAT: TGT-1-*********************************************************lqcbcFrpaQ-d3ecd0316f6a
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Sep 18 21:15:38 UTC 2018
CLIENT IP ADDRESS: 172.17.0.1
SERVER IP ADDRESS: 172.17.0.5
=============================================================

 

>
2018-09-18 21:15:38,929 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: rsocorro@massey.ac.nz
WHAT: ST-1-vQlj2m44ENrkpWGIBQ6LLsK9Iwk-d3ecd0316f6a for https://localhost/cas/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=clientid&redirect_uri=https%3A%2F%2F...
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Sep 18 21:15:38 UTC 2018
CLIENT IP ADDRESS: 172.17.0.1
SERVER IP ADDRESS: 172.17.0.5
=============================================================

 

>
2018-09-18 21:15:39,311 DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Attempting to map and filter claims based on resolved attributes [{}]>
2018-09-18 21:15:39,312 DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <[OidcProfileScopeAttributeReleasePolicy] is designed to allow claims [[name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at]] for scope [profile]. After cross-checking with supported claims [[]], the final collection of allowed attributes is [[]]>
2018-09-18 21:15:39,328 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: rsocorro@massey.ac.nz
WHAT: ST-1-vQlj2m44ENrkpWGIBQ6LLsK9Iwk-d3ecd0316f6a
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Tue Sep 18 21:15:39 UTC 2018
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

 

>
2018-09-18 21:15:39,474 WARN [org.apereo.cas.support.oauth.util.OAuth20Utils] - <Registered service [hubnet_client] does not define any authorized/supported response types. It is STRONGLY recommended that you authorize and assign response types to the service definition. While just a warning for now, this behavior will be enforced by CAS in future versions.>
2018-09-18 21:17:27,319 DEBUG [org.apereo.cas.oidc.profile.OidcRegisteredServicePreProcessorEventListener] - <Attempting to reconcile scopes and attributes for service [^https://localhost/dist] of type [OidcRegisteredService]>
2018-09-18 21:17:27,321 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Reconciling OpenId Connect scopes and claims for [^https://localhost/dist]>
2018-09-18 21:17:27,322 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Reviewing scope [profile] for [^https://localhost/dist]>
2018-09-18 21:17:27,323 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Mapped [profile] to attribute release policy [OidcProfileScopeAttributeReleasePolicy]>
2018-09-18 21:17:27,323 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <Scope/claim reconciliation for service [^https://localhost/dist] resulted in the following attribute release policy [org.apereo.cas.services.ChainingAttributeReleasePolicy@3b930917[policies=[org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy@2d192f3e[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@134b8bb3[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@6ef121b7[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at],supportedClaims=[],scopeName=profile]]]]>
2018-09-18 21:17:27,327 DEBUG [org.apereo.cas.oidc.profile.OidcProfileScopeToAttributesFilter] - <No changes detected in service [15] after scope/claim reconciliation>
2018-09-18 21:18:16,600 WARN [org.apereo.cas.support.oauth.util.OAuth20Utils] - <Registered service [hubnet_client] does not define any authorized/supported response types. It is STRONGLY recommended that you authorize and assign response types to the service definition. While just a warning for now, this behavior will be enforced by CAS in future versions.>
2018-09-18 21:18:16,627 DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <Attempting to map and filter claims based on resolved attributes [{credentialType=UsernamePasswordCredential}]>
2018-09-18 21:18:16,627 DEBUG [org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy] - <[OidcProfileScopeAttributeReleasePolicy] is designed to allow claims [[name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at]] for scope [profile]. After cross-checking with supported claims [[]], the final collection of allowed attributes is [[]]>
2018-09-18 21:18:16,641 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenGeneratorService] - <Attempting to produce claims for the id token [AT-1-yooIErucGefjgHjZin1L4wWD-G7ji2tL]>
2018-09-18 21:18:16,644 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenGeneratorService] - <Digesting access token hash via algorithm [SHA-256]>
2018-09-18 21:18:16,647 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenGeneratorService] - <Produce claims for the id token [AT-1-yooIErucGefjgHjZin1L4wWD-G7ji2tL] as [JWT Claims Set:{jti=d2a7608b-fd81-433b-8cdc-3ca46df051d8, iss=http://localhost:8080/cas/oidc, aud=clientid, exp=1537334296, iat=1537305496, nbf=1537305196, sub=rsocorro@massey.ac.nz, amr=[LdapAuthenticationHandler], state=, nonce=ahWcYAmxBC9G2YzHRXP3TaGywTyrPCJ0YFxC7a65, at_hash=3YPmliNoCRwLlgIE7U3ljg, preferred_username=rsocorro@massey.ac.nz}]>
2018-09-18 21:18:16,648 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService] - <Attempting to produce id token generated for service [org.apereo.cas.services.OidcRegisteredService@3ae3b3e9[policies=[org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy@2d192f3e[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@134b8bb3[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@6ef121b7[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at],supportedClaims=[],scopeName=profile]]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@33603a8b[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@ef1907c,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@2c302173[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@7cf3e58[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>,clientId=clientid,approvalPrompt=false,generateRefreshToken=false,jsonFormat=true,supportedResponseTypes=[],supportedGrantTypes=[],jwks=<null>,implicit=false,signIdToken=true,idTokenEncryptionAlg=<null>,idTokenEncryptionEncoding=<null>,encryptIdToken=false,dynamicallyRegistered=false,scopes=[profile],sectorIdentifierUri=<null>,subjectType=<null>]]>
2018-09-18 21:18:16,650 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService] - <Generated claims to put into id token are [{"jti":"d2a7608b-fd81-433b-8cdc-3ca46df051d8","iss":"http://localhost:8080/cas/oidc","aud":"clientid","exp":1537334296,"iat":1537305496,"nbf":1537305196,"sub":"rsocorro@massey.ac.nz","amr":["LdapAuthenticationHandler"],"state":"","nonce":"ahWcYAmxBC9G2YzHRXP3TaGywTyrPCJ0YFxC7a65","at_hash":"3YPmliNoCRwLlgIE7U3ljg","preferred_username":"rsocorro@massey.ac.nz"}]>
2018-09-18 21:18:16,653 DEBUG [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Loading default JSON web key from [file [/etc/cas/keystore.jwks]]>
2018-09-18 21:18:16,654 DEBUG [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Retrieving default JSON web key from [file [/etc/cas/keystore.jwks]]>
2018-09-18 21:18:16,654 DEBUG [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Retrieved JSON web key from [file [/etc/cas/keystore.jwks]] as [{"keys":[{"kty":"RSA","n":"h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw","e":"AQAB","d":"IcHsHtj7lboKcz3UsrmdQdi1dk5m04v_nc40tNSDac-7QPn1F9ELX5lGG9B13ZdV_uYFI1G4zH_61Tk5x1liZVzvwD4ZxQqX0z9IBQQ7fg58UZrMCSz--NjUm_LZ3vY-bJ2LMzKO2pAIwPNNy0Q1RYyhyySEfi_pJk3l1SGDd9BqtZ9uj-wWl97PC_9TJYLWXrs1mt7dMi1QLKbMg4hNmNZ-qG6kun94Dpx5ulUO6qNRtLk3miqzt_mNzpOUWcW29kvXAFeFdu1zD6XJ-koXXQW8Tay3zoIL7bjnI2Rqnzdhm2_MBmn6VeKSTjOhS92yxr2Y97KTXmcOlWwbA318kQ","p":"3X8QqZ91RJuOwF4y_GWHWvC0Wff7hi_OAO3np1sgIlWkjAlTPGTPoWk0s0HcN7lXCUSA8ovwhBL569es2Y1Ni1I6_hL0JXbqgHKVIy8zq_S-AW49ExL4vOnlMOeJjE87Myp32MWbBWNU_WKAWnGkY9gHBhJWFhGkAB66StFU5ws","q":"nNeX4jrntIfwv9YIBiOPDRFvoudEtyuDAEXTkTKZ8QEyjSJXuf4ZEraBte7v8Gm29PY3UgGE-SLqkCIYE_0KOtr704kWzw9HM4g-ptNvFosValaMJuOwBq84C7moERhZn0Q0kTPbqF3dBmiV1Cdr_4JdSJIM1MtbTLAQ5X5e2Nk","dp":"XjWkfbEwLL1Ja3LllssMVlbZLwc1-W4t3eFSzbEJqvDoaxOwTpjGY24fFzulEiKH7Y4wlnmFFHgJyxFSGLpsSBzysIyZQbIhrf6OhoeWH8aaZntgCNPh7mBBtppUu9QbZvjiPtZVyGXmiVuzIkUB2eHRovh7mylnqxFmxVniFd8","dq":"PN-AV5G9NFg-nHYZjyhl8RB_X56bEOyWX5i6UHRvQxbP4-8cVVfFq3miRlaCUbD2DYUyW2Wzkm5205In_joLqmQrsSJX8-1eGSYcCuutBfbdTPRiWQWt4CpJemOIU3o77pCuRlz2OBaWHlKhNEJIrFaQlgX5bO2wdccwB6JQdaE","qi":"NX-Sth6OBKO6d9f3vI4UJSO0fDx6_IFTVtmWHb7OH1cCkafpK0ciFnNMRU_f-3CpRFkpXRjIyd2uSZzP0LO4MQH1CSlSuNktj6L93zTwXP575dbjCmH2yGNvkSFKjGsflpweCk2PBsvGuLtjDgWAlvAn9NN13NOProfVc5hoI9Y"}]}]>
2018-09-18 21:18:16,656 WARN [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Located JSON web key [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}] has no algorithm defined>
2018-09-18 21:18:16,657 WARN [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Located JSON web key [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}] has no key id defined>
2018-09-18 21:18:16,662 WARN [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Located JSON web key [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}] has no algorithm defined>
2018-09-18 21:18:16,663 WARN [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Located JSON web key [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}] has no key id defined>
2018-09-18 21:18:16,664 WARN [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Located JSON web key [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}] has no algorithm defined>
2018-09-18 21:18:16,664 WARN [org.apereo.cas.oidc.jwks.OidcDefaultJsonWebKeystoreCacheLoader] - <Located JSON web key [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}] has no key id defined>
2018-09-18 21:18:16,665 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService] - <Found JSON web key to sign the id token: [org.jose4j.jwk.RsaJsonWebKey{kty=RSA, n=h7P3SAuYZ7nH1gwG-w7-6HYSq7DAOxYUmUlKztKjkE84hl7oZTiod8oyvJDuJZxoTPFxuUnyDz5oUNaLiuh1L00yKDJHr0tOxxBdx-H8DCdLO5PdtHyOO2JeUn4_Dw-FMACgDYgoh8dloI9whK_w09O1UJM43suXA_09DWJS1igNQMFkCWMW8Q1DSlyBgSBEAts2HAMEIw_YI565Jc3Q1z35Wxw2XHFPPFjIDBTVHML4p9YPj-3VD8lYwbeIS5ykRlnXH7-8jSYpU7u2CavwuspxtfKIKonWM7xBVFKLIv4G4FHdOCoLw6C4qxlwtrnoeKARG7AUyfjsrw3GU_MgUw, e=AQAB}]>
2018-09-18 21:18:16,666 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService] - <Service [org.apereo.cas.services.OidcRegisteredService@3ae3b3e9[policies=[org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy@2d192f3e[attributeFilter=<null>,principalAttributesRepository=org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository@134b8bb3[],authorizedToReleaseCredentialPassword=false,authorizedToReleaseAuthenticationAttributes=true,authorizedToReleaseProxyGrantingTicket=false,excludeDefaultAttributes=false,principalIdAttribute=<null>,consentPolicy=org.apereo.cas.services.consent.DefaultRegisteredServiceConsentPolicy@6ef121b7[excludedAttributes=<null>,includeOnlyAttributes=<null>,enabled=true],allowedAttributes=[name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at],supportedClaims=[],scopeName=profile]]],accessStrategy=org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy@33603a8b[enabled=true,ssoEnabled=true,requireAllAttributes=true,requiredAttributes={},unauthorizedRedirectUrl=<null>,caseInsensitive=false,rejectedAttributes={}],publicKey=<null>,proxyPolicy=org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy@ef1907c,logo=<null>,logoutUrl=<null>,requiredHandlers=[],properties={},multifactorPolicy=org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy@2c302173[multifactorAuthenticationProviders=[],failureMode=NOT_SET,principalAttributeNameTrigger=<null>,principalAttributeValueToMatch=<null>,bypassEnabled=false],informationUrl=<null>,privacyUrl=<null>,contacts=[],expirationPolicy=org.apereo.cas.services.DefaultRegisteredServiceExpirationPolicy@7cf3e58[deleteWhenExpired=false,notifyWhenDeleted=false,expirationDate=<null>,clientId=clientid,approvalPrompt=false,generateRefreshToken=false,jsonFormat=true,supportedResponseTypes=[],supportedGrantTypes=[],jwks=<null>,implicit=false,signIdToken=true,idTokenEncryptionAlg=<null>,idTokenEncryptionEncoding=<null>,encryptIdToken=false,dynamicallyRegistered=false,scopes=[profile],sectorIdentifierUri=<null>,subjectType=<null>]] is set to sign id tokens>
2018-09-18 21:18:16,666 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService] - <Signing id token with key id header value [null]>
2018-09-18 21:18:16,667 DEBUG [org.apereo.cas.oidc.token.OidcIdTokenSigningAndEncryptionService] - <Signing id token with algorithm [RS256]>
2018-09-18 21:18:16,703 DEBUG [org.apereo.cas.oidc.web.OidcImplicitIdTokenAuthorizationResponseBuilder] - <Generated id token [eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkMmE3NjA4Yi1mZDgxLTQzM2ItOGNkYy0zY2E0NmRmMDUxZDgiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvY2FzL29pZGMiLCJhdWQiOiJjbGllbnRpZCIsImV4cCI6MTUzNzMzNDI5NiwiaWF0IjoxNTM3MzA1NDk2LCJuYmYiOjE1MzczMDUxOTYsInN1YiI6InJzb2NvcnJvQG1hc3NleS5hYy5ueiIsImFtciI6WyJMZGFwQXV0aGVudGljYXRpb25IYW5kbGVyIl0sInN0YXRlIjoiIiwibm9uY2UiOiJhaFdjWUFteEJDOUcyWXpIUlhQM1RhR3l3VHlyUENKMFlGeEM3YTY1IiwiYXRfaGFzaCI6IjNZUG1saU5vQ1J3TGxnSUU3VTNsamciLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJyc29jb3Jyb0BtYXNzZXkuYWMubnoifQ.KvvYvdUnlPvJ5edQI-RJD60zxNDZJN45lVkNqv13dyzsViu7VAE93797zUKE3oGDnB0dfA5lK1Mz9aGfucxn1Wly6v2AU14MqgBp0BfrhEFs6kkrGakEviv8OAUxNG-zv54a5s7LCqtEuYurtX7pvLhG8L90RqK5tLul0miUbN8tpDpsUcZEExzR9MaYgzXqJb7SWbMUW6QjrH-DX3KKUkJ9ltihAiS9dzgQXGUHAruNCbV73H-ZX27ihHea8C-a7y9v1yHccLwhC-E1l-KTwLiROjhCBX3j3oOsjQL6oANZIjVTV9K-WbqhQLdJ5WC_uMcDLWRLIArUFdf1KKGfcw]>

 

my console log

ERROR Error: "Uncaught (in promise): session state not present"

resolvePromisehttps://localhost/dist/polyfills.bundle.js:10936:31

resolvePromisehttps://localhost/dist/polyfills.bundle.js:10907:17

scheduleResolveOrRejecthttps://localhost/dist/polyfills.bundle.js:10984:17

invokeTaskhttps://localhost/dist/polyfills.bundle.js:10577:17

onInvokeTaskhttps://localhost/dist/vendor.bundle.js:94643:24

invokeTaskhttps://localhost/dist/polyfills.bundle.js:10576:17

runTaskhttps://localhost/dist/polyfills.bundle.js:10344:28

drainMicroTaskQueuehttps://localhost/dist/polyfills.bundle.js:10748:25

invokeTaskhttps://localhost/dist/polyfills.bundle.js:10655:21

invokeTaskhttps://localhost/dist/polyfills.bundle.js:11517:9

globalZoneAwareCallbackhttps://localhost/dist/polyfills.bundle.js:11535:17

Attachments

Outcomes