Thanks again Jim,
Correct me if I'm misunderstanding, but in this case I think we're
looking at the latter possibility (#2) if the client id in the
error message
a) matches the client id with (<entry key="approved">true</entry>) in
the clientApprovals/dataPath file and
b) also matches the client id in the clients/dataPath file
I have confirmed they all indeed match.
I have opened a ticket with globusonline.
-k
On Fri, Jul 19, 2013 at 05:57:22PM +0000, Basney, Jim wrote:
> Karen,
>
> I don't know about the "Json parse unterminated string" message. I suspect
> that's coming from Globus Online, not oa4mp. Maybe you should submit a
> request at https://support.globusonline.org/ about that.
>
> Since you're using oa4mp's fileStore you can check for the Globus client
> in your fileStore path. In the clientApprovals/dataPath subdirectory you
> should see a file containing the oauth_consumer_key in question (i.e.,
> matching the client identifier from the error message you quoted in your
> original message) along with:
>
> <entry key="approved">true</entry>
>
> You should also see a file containing the same oauth_consumer_key in the
> clients/dataPath subdirectory. They're just XML text files, so you can
> grep/cat them.
>
> It seems to me the only possibilities are either 1) something changed in
> your fileStore path for the Globus client or 2) Globus Online is using a
> different OAuth client identifier than it was before (i.e., different from
> what you approved). Hopefully matching the client identifier from the
> error message to the oauth_consumer_key in clientApprovals/dataPath will
> diagnose the problem.
>
> -Jim
>
> On 7/19/13 12:40 PM, "Karen M. Fernsler" <[email protected]> wrote:
> >Hi Jim,
> >
> >Thanks for your response.
> >
> >We're using fileStore.
> >
> >In web.xml, oa4mp:server.config.file is pointing to the server
> >config file that was fed to oa4mp-approver.jar in the attempt
> >to re-approve. This config file only has one config in it
> >"myconfig".
> >
> >I was able to set up a test client and approve it with this setup.
> >
> >The globus client which is now "unapproved" was approved at one
> >point and we were able to use it with the oauth server to do transfers
> >with gridftp.
> >
> >One thing we have noticed -- at the point where globusonline tries to
> >redirect the user to the oauth server for authentication we have
> >seen a pink error box pop up briefly posting:
> >"Json parse unterminated string" (it's a really brief pop up and it
> >doesn't always display the text).
> >
> >thanks,
> >-k
> >
> >On Fri, Jul 19, 2013 at 01:26:14AM +0000, Basney, Jim wrote:
> >> Hi Karen,
> >>
> >> My only guess is that your oa4mp server is configured to look in a
> >> different store for your clients and clientApprovals than where you
> >>wrote
> >> the clientApprovals using oa4mp-approver.jar. What are the contents of
> >>the
> >> OA4MP config file pointed to by the oa4mp:server.config.file property
> >>and
> >> is that the same config file you're using with oa4mp-approver.jar to
> >> approve the client? Are you using mysql, postgresql, fileStore, or
> >> memoryStore for clients and clientApprovals?
> >>
> >> I'm Ccing Jeff Gaynor who may be able to provide additional assistance.
> >>
> >> Documentation references:
> >>
> >>http://grid.ncsa.illinois.edu/myproxy/oauth/server/configuration/server-c
> >>on
> >> figuration-file.xhtml
> >> http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd.xhtml
> >>
> >>http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd-content
> >>-t
> >> ags.xhtml
> >>
> >>http://grid.ncsa.illinois.edu/myproxy/oauth/server/manuals/manually-appro
> >>vi
> >> ng-clients.xhtml
> >>
> >> -Jim
> >>
> >> On 7/18/13 8:12 PM, "Karen M. Fernsler" <[email protected]> wrote:
> >> >Hi,
> >> >
> >> >A few weeks ago we approved globusonline as a client for use with our
> >> >oauth server.
> >> >
> >> >Up until very recently it was working just fine, but suddenly the
> >>server
> >> >appears to be
> >> >claiming that the client isn't approved:
> >> >
> >> >Jul 18, 2013 6:04:35 PM
> >>edu.uiuc.ncsa.security.core.util.MyLoggingFacade
> >> >error
> >> >SEVERE: oa4mp(Thu Jul 18 18:04:35 PDT 2013): INTERNAL ERROR: Error: The
> >> >client with identifier "myproxy:oa4mp,2012:/client/[....]" has not been
> >> >approved. Request rejected. Please contact your administrator.
> >> >Jul 18, 2013 6:04:35 PM
> >>edu.uiuc.ncsa.security.core.util.MyLoggingFacade
> >> >error
> >> >SEVERE: oa4mp(Thu Jul 18 18:04:35 PDT 2013):
> >> >edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException:
> >> >Error: The client with identifier "myproxy:oa4mp,2012:/client/[ ... ]"
> >> >has not been approved. Request rejected. Please contact your
> >>administrator
> >> >
> >> >
> >> >Has anyone run into this before?
> >> >Any ideas what to look for?
> >> >
> >> >We have tried re-approving the client to no avail.
> >> >
> >> >thanks,
> >> >-k
>
