Great news. I am going to try that the next few days.
Thanks nilesh
Am Montag, 16. April 2018 14:57:42 UTC+2 schrieb nilesh choudhary:
>
> Hello Anders and Christoph,
>
> I faced the same issue but was able to find a way out.
> I am not sure if this is expected behavior but you can simply remove the
> client_secret parameter from your call. It would start looking for username
> and password. If you provide client_id and client_secret, it simply
> verifies that and returns a token without caring to check username and
> password validity.
>
> Hope this helps
>
> -Nilesh Choudhary
>
> On Sun, Apr 15, 2018 at 12:39 AM, Christoph Scholz <christop...@gmail.com
> <javascript:>> wrote:
>
>> Hi Anders,
>>
>> I am facing exactly the same problem when using “Resource Owner
>> Credentials” with CAS 5.2.x connected to AD backend.
>>
>> Did you resolve your problem?
>>
>> Cheers
>>
>> Christoph
>>
>> Am Donnerstag, 1. Februar 2018 15:56:31 UTC+1 schrieb Anders Olsen:
>>>
>>> Hello,
>>>
>>>
>>>
>>> I am currently trying to setup OAuth2 for CAS running 5.2.2 with a MySQL
>>> backend.
>>>
>>> I have the normal CAS protocol working, where it checks username and
>>> password vs stored username and hashes.
>>>
>>>
>>>
>>> However, I am trying to use the Grant Type “Resource Owner Credentials”
>>> but CAS runs the request as a “Client Credential” and gives access tokens,
>>> even when no username and password has been specified.
>>>
>>>
>>>
>>> I have the following service definition:
>>>
>>> {
>>>
>>> "@class" :
>>> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>
>>> "clientId": "dofbasen_oauth2_android",
>>>
>>> "clientSecret": "XXX",
>>>
>>> "generateRefreshToken" : true,
>>>
>>> "jsonFormat" : true,
>>>
>>> "supported_grants" : ["password", "refresh_token"],
>>>
>>> "name" : "OAuth2 (Android)",
>>>
>>> "id" : 201801311512,
>>>
>>> "attributeReleasePolicy" : {
>>>
>>> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>>
>>> }
>>>
>>> }
>>>
>>>
>>>
>>> This is my request in Postman:
>>>
>>>
>>>
>>> I can see in the terminal, having set the loglevel to debug, that CAS
>>> uses the OAuthClientAuthenticator:
>>>
>>> [org.apereo.cas.support.oauth.authenticator.OAuthClientAuthenticator] -
>>> <Authenticated user profile [#OAuthClientProfile# | id:
>>> dofbasen_oauth2_android | attributes: {} | roles: [] | permissions: [] |
>>> isRemembered: false | clientName: null | linkedId: null |]>
>>>
>>>
>>>
>>> It seems to me that something has been mixed up in the implementation
>>> and CAS is actually using the Client Credentials (where grant_type should
>>> have been client_credentials) instead of the Resource Owner Credentials
>>> which has grant_type=password..
>>>
>>>
>>>
>>> If you need more details or my configuration or anything, I’ll gladly
>>> send them.
>>>
>>>
>>>
>>> With regards
>>>
>>> *Anders Olsen*
>>>
>>> Softwareudvikler
>>>
>>> Software Developer
>>>
>>>
>>>
>>> Tel +45 3328 3800
>>>
>>> [image: https://integration.dof.dk/assets/small/birdlife_dof_100px.png]
>>>
>>> [image: https://integration.dof.dk/assets/small/fb.png]
>>> <https://www.facebook.com/birdlifedk> [image:
>>> https://integration.dof.dk/assets/small/instagram.png]
>>> <https://www.instagram.com/danmarksfugle> [image:
>>> https://integration.dof.dk/assets/small/youtube.png]
>>> <https://www.youtube.com/user/DOFBirdlife>
>>>
>>> DOF / Birdlife Denmark | Vesterbrogade 140 |
>>> <https://maps.google.com/?q=Vesterbrogade+140%0D%0A+%7C+1620+K%C3%B8benhavn+V&entry=gmail&source=g>
>>> 1620
>>> København V
>>> <https://maps.google.com/?q=Vesterbrogade+140%0D%0A+%7C+1620+K%C3%B8benhavn+V&entry=gmail&source=g>
>>>
>>> | www.dof.dk
>>>
>>>
>>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+u...@apereo.org <javascript:>.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebbb54c6-3fe4-4988-b439-8a73699d38c5%40apereo.org
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebbb54c6-3fe4-4988-b439-8a73699d38c5%40apereo.org?utm_medium=email&utm_source=footer>
>> .
>>
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2296ce28-b8ef-4335-a633-936b612a6683%40apereo.org.
