Posted to dev@shindig.apache.org by alexandre kettaneh <al...@phloeme.com> on 2013/03/20 19:36:20 UTC

Oauth with CAS Jasig

Hello,
I'm trying to make OAuth work between Shindig 2.5.0 beta 5 and a CAS
Jasig Server 3.5.2 with OAuth Server support.
The Oauth samples work great out of the box, using Shindig OAuth provider
or Google's.

But when I use my Cas Server everything seems to work until the last part
of the oauth flow where I get an error on SHINDIG:

"
INFO: The security token or credential is malformed and cannot be parsed.
org.apache.shindig.social.core.oauth2.OAuth2Exception: Access token is
invalid.
"
Shindig & Cas are deployed on 2 different servers & I stored CAS
Certificate into Shindig's server Java Keystore.

When opening the session on the CAS Server, I can see in the console:
"
=============================================================
WHO: [username: john.doe]
WHAT:
TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Mar 20 18:11:28 CET 2013
CLIENT IP ADDRESS: XXXXXXXXXXx
SERVER IP ADDRESS: YYYYYYYYYY
=============================================================
"
The Service Ticket is found when AccessToken is called & CAS returns the
TGT back to Shindig.
This is where I get the Shindig Error with "The security
token.....malformed and cannot be passed"


I tried to log everything using FINE log level but I can see only this
INFO message related to the token problem.
I don't know if the ticket provided by CAS is good (
TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com)
or if I have a credential problem.
I also defined a shindig.signing.state-key: is there a link?
My Oauth client config in oauth2.json is:
         "providerName"  : "shindigOAuth2Provider",
         "redirect_uri"  : "%origin%%contextRoot%/gadgets/oauth2callback",
         "type"          : "confidential",
         "grant_type"    : "code",
         "client_id"     : "shindigClient",
         "client_secret" : "phloemesecret"
The OAuth provider config in oauth2.json is:
         "client_authentication" : "STANDARD",
         "usesAuthorizationHeader" : "false",
         "usesUrlParameter" : "true",
         "endpoints" : {
            "authorizationUrl"   : "https://xxxxxxxxx/cas/oauth2.0/authorize",
            "tokenUrl"           : "https://xxxxxxxxx/cas/oauth2.0/accessToken"

I'm stuck... any idea?
Thanks for your answers

Regards,

Alexandre

Re: Oauth with CAS Jasig

Posted by alexandre kettaneh <al...@phloeme.com>.
Hi,
you'll find enclosed the log file produced with Finest.
I see that just before the exception, there's a refresh_token with no value.
I don't know what this token is & if my problem is related to it.

Thanks for your help.
Regards,
Alexandre

2013/3/20 A Clarke <cl...@gmail.com>

> Hi Alexandre,
>
> You should try tracing with FINEST, at least for
> org.apache.shindig.gadgets.oauth2.* and
> org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet
>
> Your exception is strange to me ...
> org.apache.shindig.social.core.oauth2.OAuth2Exception , that's coming from
> the OAuth2 provider.
>
> If it's in the provider I'd suggest tracing FINEST on
> org.apache.shindig.social.core.oauth2.* as well.
>
>
> On Wed, Mar 20, 2013 at 2:36 PM, alexandre kettaneh <
> alexandre.kettaneh@phloeme.com> wrote:
>
> > Hello,
> > I'm trying to make OAuth work between Shindig 2.5.0 beta 5 and a CAS
> > Jasig Server 3.5.2 with OAuth Server support.
> > The Oauth samples work great out of the box, using Shindig OAuth provider
> > or Google's.
> >
> > But when I use my Cas Server everything seems to work until the last part
> > of the oauth flow where I get an error on SHINDIG:
> >
> > "
> > INFO: The security token or credential is malformed and cannot be parsed.
> > org.apache.shindig.social.core.oauth2.OAuth2Exception: Access token is
> > invalid.
> > "
> > Shindig & Cas are deployed on 2 different servers & I stored CAS
> > Certificate into Shindig's server Java Keystore.
> >
> > When opening the session on the CAS Server, I can see in the console:
> > "
> > =============================================================
> > WHO: [username: john.doe]
> > WHAT:
> > TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com
> > ACTION: TICKET_GRANTING_TICKET_CREATED
> > APPLICATION: CAS
> > WHEN: Wed Mar 20 18:11:28 CET 2013
> > CLIENT IP ADDRESS: XXXXXXXXXXx
> > SERVER IP ADDRESS: YYYYYYYYYY
> > =============================================================
> > "
> > The Service Ticket is found when AccessToken is called & CAS returns the
> > TGT back to Shindig.
> > This is where I get the Shindig Error with "The security
> > token.....malformed and cannot be passed"
> >
> >
> > I tried to log everything using FINE log level but I can see only this
> > INFO message related to the token problem.
> > I don't know if the ticket provided by CAS is good (
> > TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com)
> > or if I have a credential problem.
> > I also defined a shindig.signing.state-key: is there a link?
> > My Oauth client config in oauth2.json is:
> >          "providerName"  : "shindigOAuth2Provider",
> >          "redirect_uri"  : "%origin%%contextRoot%/gadgets/oauth2callback",
> >          "type"          : "confidential",
> >          "grant_type"    : "code",
> >          "client_id"     : "shindigClient",
> >          "client_secret" : "phloemesecret"
> > The OAuth provider config in oauth2.json is:
> >          "client_authentication" : "STANDARD",
> >          "usesAuthorizationHeader" : "false",
> >          "usesUrlParameter" : "true",
> >          "endpoints" : {
> >             "authorizationUrl"   : "https://xxxxxxxxx/cas/oauth2.0/authorize",
> >             "tokenUrl"           : "https://xxxxxxxxx/cas/oauth2.0/accessToken"
> >
> > I'm stuck... any idea?
> > Thanks for your answers
> >
> > Regards,
> >
> > Alexandre
> >
>



-- 
PHLOEME
Alexandre Kettaneh
Architecte d'Entreprise, associé

Tél: +33 1 75 00 18 18
Mob: +33 6 63 79 82 85

Re: Oauth with CAS Jasig

Posted by A Clarke <cl...@gmail.com>.
Hi Alexandre,

You should try tracing with FINEST, at least for
org.apache.shindig.gadgets.oauth2.* and
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet

Your exception is strange to me ...
org.apache.shindig.social.core.oauth2.OAuth2Exception , that's coming from
the OAuth2 provider.

If it's in the provider I'd suggest tracing FINEST on
org.apache.shindig.social.core.oauth2.* as well.


On Wed, Mar 20, 2013 at 2:36 PM, alexandre kettaneh <
alexandre.kettaneh@phloeme.com> wrote:

> Hello,
> I'm trying to make OAuth work between Shindig 2.5.0 beta 5 and a CAS
> Jasig Server 3.5.2 with OAuth Server support.
> The Oauth samples work great out of the box, using Shindig OAuth provider
> or Google's.
>
> But when I use my Cas Server everything seems to work until the last part
> of the oauth flow where I get an error on SHINDIG:
>
> "
> INFO: The security token or credential is malformed and cannot be parsed.
> org.apache.shindig.social.core.oauth2.OAuth2Exception: Access token is
> invalid.
> "
> Shindig & Cas are deployed on 2 different servers & I stored CAS
> Certificate into Shindig's server Java Keystore.
>
> When opening the session on the CAS Server, I can see in the console:
> "
> =============================================================
> WHO: [username: john.doe]
> WHAT:
> TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Mar 20 18:11:28 CET 2013
> CLIENT IP ADDRESS: XXXXXXXXXXx
> SERVER IP ADDRESS: YYYYYYYYYY
> =============================================================
> "
> The Service Ticket is found when AccessToken is called & CAS returns the
> TGT back to Shindig.
> This is where I get the Shindig Error with "The security
> token.....malformed and cannot be passed"
>
>
> I tried to log everything using FINE log level but I can see only this
> INFO message related to the token problem.
> I don't know if the ticket provided by CAS is good (
> TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com)
> or if I have a credential problem.
> I also defined a shindig.signing.state-key: is there a link?
> My Oauth client config in oauth2.json is:
>          "providerName"  : "shindigOAuth2Provider",
>          "redirect_uri"  : "%origin%%contextRoot%/gadgets/oauth2callback",
>          "type"          : "confidential",
>          "grant_type"    : "code",
>          "client_id"     : "shindigClient",
>          "client_secret" : "phloemesecret"
> The OAuth provider config in oauth2.json is:
>          "client_authentication" : "STANDARD",
>          "usesAuthorizationHeader" : "false",
>          "usesUrlParameter" : "true",
>          "endpoints" : {
>             "authorizationUrl"   : "https://xxxxxxxxx/cas/oauth2.0/authorize",
>             "tokenUrl"           : "https://xxxxxxxxx/cas/oauth2.0/accessToken"
>
> I'm stuck... any idea?
> Thanks for your answers
>
> Regards,
>
> Alexandre
>
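
The FINEST tracing suggested in the reply above, written out as a java.util.logging configuration. This is an added example, not part of the original thread and not Shindig's shipped configuration. It assumes Shindig logs through java.util.logging and that the file is loaded with `-Djava.util.logging.config.file`; the handler level is raised as well, because a ConsoleHandler left at its default INFO level drops FINE and FINEST records even when the loggers themselves are set to FINEST.

```properties
# Added example: java.util.logging settings for tracing the OAuth2 flow.
# Assumption: loaded via -Djava.util.logging.config.file=<path to this file>.

handlers = java.util.logging.ConsoleHandler
.level = INFO

# The handler filters records independently of the loggers.
# ConsoleHandler defaults to INFO, which hides FINE/FINER/FINEST output.
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

# OAuth2 consumer side (gadget container) and the callback servlet
org.apache.shindig.gadgets.oauth2.level = FINEST
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet.level = FINEST

# OAuth2 provider side, the package the OAuth2Exception in the thread comes from
org.apache.shindig.social.core.oauth2.level = FINEST

# Traces at this level can contain token values: treat the resulting log as
# sensitive and set these loggers back to INFO once the trace is captured.
```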