Happy to provide more debug logs. Since the logs at DEBUG level are so verbose I tried to excerpt what I thought would be relevant. Any suggestions on anything in particular?
Unfortunately, while we have medium to longer term plans to upgrade to 5.3, upgrading from 5.0 is not an option in the short term. On Wed, Sep 05, 2018 at 01:09:59AM -0700, Andy Ng wrote: >Hi Baron, > >Maybe some more debug logs will helps with debugging this issue? > >*/cas/oauth2.0/callbackAuthorize* is an intermediate URL, usually no need >to know about it. So that why the doc didn't specified it. > >Maybe you can try upgrading it to CAS 5.3 and see if the problem still >exists. CAS OAuth implementation is a lot more stable in 5.2 / 5.3 versions >in my opinion. > >Cheers! >- Andy > > > >On Wednesday, 5 September 2018 11:53:11 UTC+8, baron wrote: >> >> I'm trying to help a developer use OAuth with our 5.0.x instance. I >> believe I've successfully enabled the OAuth feature documentation at < >> https://apereo.github.io/cas/5.0.x/installation/OAuth-OpenId-Authentication.html> >> >> >> >> Our barebones service registration for their service looks like: >> >> { >> "name" : "OAuth_test", >> "clientId" : "OAuth_test", >> "clientSecret": "*****", >> "serviceId" : "^http://.*";, >> "description" : "OAuth test", >> "id" : 201809041700, >> "bypassApprovalPrompt": false, >> "@class" : >> "org.apereo.cas.support.oauth.services.OAuthRegisteredService", >> } >> >> However the client, after authenticating the user, eventually throws up >> the error, "Error: cannot validate CAS ticket: >> ST-1-0pzfaTQ9HGcmk64kIU9t-cas", and I see an exception in the logs that >> ultimately seems to boild down to: >> >> Caused by: org.jasig.cas.client.validation.TicketValidationException: No >> principal was found in the response from the CAS server. >> >> I notice in the logs that the request appears to call >> /cas/oauth2.0/callbackAuthorize, which I don't see as an endpoint in the >> CAS OAuth documentation. Is this significant? >> >> More specifically, the client appears to be using the service >> >> http://cas.example.edu/cas/oauth2.0/callbackAuthorize?client_name=CasOAuthClient&client_id=OAuth_test&redirect_uri=http://localhost:8080/login/cas >> >> >> Can anyone provide any pointers to what's going on here? My Google-fu has >> been weak trying to get traction on this. >> -- >> Baron Fujimoto <ba...@hawaii.edu <javascript:>> :: UH Information >> Technology Services >> minutas cantorum, minutas balorum, minutas carboratum desendus pantorum >> > >-- >- Website: https://apereo.github.io/cas >- Gitter Chatroom: https://gitter.im/apereo/cas >- List Guidelines: https://goo.gl/1VRrw7 >- Contributions: https://goo.gl/mh7qDG >--- >You received this message because you are subscribed to the Google Groups "CAS >Community" group. >To unsubscribe from this group and stop receiving emails from it, send an >email to cas-user+unsubscr...@apereo.org. >To view this discussion on the web visit >https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ae1bd11-5fd6-461c-9be5-e7200ca2d550%40apereo.org. -- Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/20180905185808.lniihamzorowl4or%40combobulate.mgt.hawaii.edu.
