Hi Baron, Maybe some more debug logs will helps with debugging this issue?
*/cas/oauth2.0/callbackAuthorize* is an intermediate URL, usually no need to know about it. So that why the doc didn't specified it. Maybe you can try upgrading it to CAS 5.3 and see if the problem still exists. CAS OAuth implementation is a lot more stable in 5.2 / 5.3 versions in my opinion. Cheers! - Andy On Wednesday, 5 September 2018 11:53:11 UTC+8, baron wrote: > > I'm trying to help a developer use OAuth with our 5.0.x instance. I > believe I've successfully enabled the OAuth feature documentation at < > https://apereo.github.io/cas/5.0.x/installation/OAuth-OpenId-Authentication.html> > > > > Our barebones service registration for their service looks like: > > { > "name" : "OAuth_test", > "clientId" : "OAuth_test", > "clientSecret": "*****", > "serviceId" : "^http://.*", > "description" : "OAuth test", > "id" : 201809041700, > "bypassApprovalPrompt": false, > "@class" : > "org.apereo.cas.support.oauth.services.OAuthRegisteredService", > } > > However the client, after authenticating the user, eventually throws up > the error, "Error: cannot validate CAS ticket: > ST-1-0pzfaTQ9HGcmk64kIU9t-cas", and I see an exception in the logs that > ultimately seems to boild down to: > > Caused by: org.jasig.cas.client.validation.TicketValidationException: No > principal was found in the response from the CAS server. > > I notice in the logs that the request appears to call > /cas/oauth2.0/callbackAuthorize, which I don't see as an endpoint in the > CAS OAuth documentation. Is this significant? > > More specifically, the client appears to be using the service > > http://cas.example.edu/cas/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=OAuth_test&redirect_uri=http://localhost:8080/login/cas > > > Can anyone provide any pointers to what's going on here? My Google-fu has > been weak trying to get traction on this. > -- > Baron Fujimoto <ba...@hawaii.edu <javascript:>> :: UH Information > Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ae1bd11-5fd6-461c-9be5-e7200ca2d550%40apereo.org.