Hello,
I'm trying to get OAuth working between Shindig 2.5.0 beta 5 and a CAS
Jasig Server 3.5.2 with OAuth Server support.
The OAuth samples work great out of the box, using Shindig OAuth provider
or Google's.

But when I use my CAS Server, everything seems to work until the last part
of the OAuth flow, where I get an error on Shindig:

"
INFO: The security token or credential is malformed and cannot be parsed.
org.apache.shindig.social.core.oauth2.OAuth2Exception: Access token is
invalid.
"
Shindig & CAS are deployed on 2 different servers & I stored the CAS
certificate in the Shindig server's Java Keystore.

When opening the session on the CAS Server, I can see in the console:
"
=============================================================
WHO: [username: john.doe]
WHAT: TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Mar 20 18:11:28 CET 2013
CLIENT IP ADDRESS: XXXXXXXXXXx
SERVER IP ADDRESS: YYYYYYYYYY
=============================================================
"
The Service Ticket is found when AccessToken is called & CAS returns the
TGT back to Shindig.
This is where I get the Shindig error with "The security
token.....malformed and cannot be parsed"


I tried to log everything using the FINE log level, but I can see only this
INFO message related to the token problem.
I don't know if the ticket provided by CAS is good (
TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com)
or if I have a credential problem.
I also defined a shindig.signing.state-key: is there a link?
My OAuth client config in oauth2.json is:
         "providerName"  : "shindigOAuth2Provider",
         "redirect_uri"  : "%origin%%contextRoot%/gadgets/oauth2callback",
         "type"          : "confidential",
         "grant_type"    : "code",
         "client_id"     : "shindigClient",
         "client_secret" : "phloemesecret"
The OAuth provider config in oauth2.json is:
         "client_authentication" : "STANDARD",
         "usesAuthorizationHeader" : "false",
         "usesUrlParameter" : "true",
         "endpoints" : {
            "authorizationUrl"   : "https://xxxxxxxxx/cas/oauth2.0/authorize",
            "tokenUrl"           : "https://xxxxxxxxx/cas/oauth2.0/accessToken"
         }

I'm stuck... any idea?
Thanks for your answers

Regards,

Alexandre
