Karen, Per our discussion a couple days ago… I think you will be better off with the new (Python, not Java) OAuth interface to MyProxy that is now in the GT repos, and which is used and automatically configured appropriately for use with Globus Online by Globus Connect Multiuser.
Regards, -Steve On Jul 19, 2013, at 2:03 PM, "Karen M. Fernsler" <[email protected]> wrote: > Thanks again Jim, > > Correct me if I'm misunderstanding, but in this case I think we're > looking at the latter possibility (#2) if the client id in the > error message > > a) matches the client id with (<entry key="approved">true</entry>) in > the clientApprovals/dataPath file and > b) also matches the client id in the clients/dataPath file > > I have confirmed they all indeed match. > > I have opened a ticket with globusonline. > > -k > > On Fri, Jul 19, 2013 at 05:57:22PM +0000, Basney, Jim wrote: >> Karen, >> >> I don't know about the "Json parse unterminated string" message. I suspect >> that's coming from Globus Online, not oa4mp. Maybe you should submit a >> request at https://support.globusonline.org/ about that. >> >> Since you're using oa4mp's fileStore you can check for the Globus client >> in your fileStore path. In the clientApprovals/dataPath subdirectory you >> should see a file containing the oauth_consumer_key in question (i.e., >> matching the client identifier from the error message you quoted in your >> original message) along with: >> >> <entry key="approved">true</entry> >> >> You should also see a file containing the same oauth_consumer_key in the >> clients/dataPath subdirectory. They're just XML text files, so you can >> grep/cat them. >> >> It seems to me the only possibilities are either 1) something changed in >> your fileStore path for the Globus client or 2) Globus Online is using a >> different OAuth client identifier than it was before (i.e., different from >> what you approved). Hopefully matching the client identifier from the >> error message to the oauth_consumer_key in clientApprovals/dataPath will >> diagnose the problem. >> >> -Jim >> >> On 7/19/13 12:40 PM, "Karen M. Fernsler" <[email protected]> wrote: >>> Hi Jim, >>> >>> Thanks for your response. >>> >>> We're using fileStore. >>> >>> In web.xml, oa4mp:server.config.file is pointing to the server >>> config file that was fed to oa4mp-approver.jar in the attempt >>> to re-approve. This config file only has one config in it >>> "myconfig". >>> >>> I was able to set up a test client and approve it with this setup. >>> >>> The globus client which is now "unapproved" was approved at one >>> point and we were able to use it with the oauth server to do transfers >>> with gridftp. >>> >>> One thing we have noticed -- at the point where globusonline tries to >>> redirect the user to the oauth server for authentication we have >>> seen a pink error box pop up briefly posting: >>> "Json parse unterminated string" (it's a really brief pop up and it >>> doesn't always display the text). >>> >>> thanks, >>> -k >>> >>> On Fri, Jul 19, 2013 at 01:26:14AM +0000, Basney, Jim wrote: >>>> Hi Karen, >>>> >>>> My only guess is that your oa4mp server is configured to look in a >>>> different store for your clients and clientApprovals than where you >>>> wrote >>>> the clientApprovals using oa4mp-approver.jar. What are the contents of >>>> the >>>> OA4MP config file pointed to by the oa4mp:server.config.file property >>>> and >>>> is that the same config file you're using with oa4mp-approver.jar to >>>> approve the client? Are you using mysql, postgresql, fileStore, or >>>> memoryStore for clients and clientApprovals? >>>> >>>> I'm Ccing Jeff Gaynor who may be able to provide additional assistance. >>>> >>>> Documentation references: >>>> >>>> http://grid.ncsa.illinois.edu/myproxy/oauth/server/configuration/server-c >>>> on >>>> figuration-file.xhtml >>>> http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd.xhtml >>>> >>>> http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd-content >>>> -t >>>> ags.xhtml >>>> >>>> http://grid.ncsa.illinois.edu/myproxy/oauth/server/manuals/manually-appro >>>> vi >>>> ng-clients.xhtml >>>> >>>> -Jim >>>> >>>> On 7/18/13 8:12 PM, "Karen M. Fernsler" <[email protected]> wrote: >>>>> Hi, >>>>> >>>>> A few weeks ago we approved globusonline as a client for use with our >>>>> oauth server. >>>>> >>>>> Up until very recently it was working just fine, but suddenly the >>>> server >>>>> appears to be >>>>> claiming that the client isn't approved: >>>>> >>>>> Jul 18, 2013 6:04:35 PM >>>> edu.uiuc.ncsa.security.core.util.MyLoggingFacade >>>>> error >>>>> SEVERE: oa4mp(Thu Jul 18 18:04:35 PDT 2013): INTERNAL ERROR: Error: The >>>>> client with identifier "myproxy:oa4mp,2012:/client/[....]" has not been >>>>> approved. Request rejected. Please contact your administrator. >>>>> Jul 18, 2013 6:04:35 PM >>>> edu.uiuc.ncsa.security.core.util.MyLoggingFacade >>>>> error >>>>> SEVERE: oa4mp(Thu Jul 18 18:04:35 PDT 2013): >>>>> edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException: >>>>> Error: The client with identifier "myproxy:oa4mp,2012:/client/[ ... ]" >>>>> has not been approved. Request rejected. Please contact your >>>> administrator >>>>> >>>>> >>>>> Has anyone run into this before? >>>>> Any ideas what to look for? >>>>> >>>>> We have tried re-approving the client to no avail. >>>>> >>>>> thanks, >>>>> -k >>
