Karen, Sorry, I can't explain it. I don't know why oa4mp would log that the client has not been approved when the corresponding clientApprovals data file contains "<entry key="approved">true</entry>". My only other idea is to try restarting your oa4mp server, if you haven't tried that already. Please submit a bug report at https://gateways.atlassian.net/browse/OAUTH with full details (oa4mp version, config file, log file, clientApprovals data file).
-Jim On 7/19/13 2:03 PM, "Karen M. Fernsler" <[email protected]> wrote: >Thanks again Jim, > >Correct me if I'm misunderstanding, but in this case I think we're >looking at the latter possibility (#2) if the client id in the >error message > > a) matches the client id with (<entry key="approved">true</entry>) in > the clientApprovals/dataPath file and > b) also matches the client id in the clients/dataPath file > >I have confirmed they all indeed match. > >I have opened a ticket with globusonline. > >-k > >On Fri, Jul 19, 2013 at 05:57:22PM +0000, Basney, Jim wrote: >> Karen, >> >> I don't know about the "Json parse unterminated string" message. I >>suspect >> that's coming from Globus Online, not oa4mp. Maybe you should submit a >> request at https://support.globusonline.org/ about that. >> >> Since you're using oa4mp's fileStore you can check for the Globus client >> in your fileStore path. In the clientApprovals/dataPath subdirectory you >> should see a file containing the oauth_consumer_key in question (i.e., >> matching the client identifier from the error message you quoted in your >> original message) along with: >> >> <entry key="approved">true</entry> >> >> You should also see a file containing the same oauth_consumer_key in the >> clients/dataPath subdirectory. They're just XML text files, so you can >> grep/cat them. >> >> It seems to me the only possibilities are either 1) something changed in >> your fileStore path for the Globus client or 2) Globus Online is using a >> different OAuth client identifier than it was before (i.e., different >>from >> what you approved). Hopefully matching the client identifier from the >> error message to the oauth_consumer_key in clientApprovals/dataPath will >> diagnose the problem. >> >> -Jim >> >> On 7/19/13 12:40 PM, "Karen M. Fernsler" <[email protected]> wrote: >> >Hi Jim, >> > >> >Thanks for your response. >> > >> >We're using fileStore. >> > >> >In web.xml, oa4mp:server.config.file is pointing to the server >> >config file that was fed to oa4mp-approver.jar in the attempt >> >to re-approve. This config file only has one config in it >> >"myconfig". >> > >> >I was able to set up a test client and approve it with this setup. >> > >> >The globus client which is now "unapproved" was approved at one >> >point and we were able to use it with the oauth server to do transfers >> >with gridftp. >> > >> >One thing we have noticed -- at the point where globusonline tries to >> >redirect the user to the oauth server for authentication we have >> >seen a pink error box pop up briefly posting: >> >"Json parse unterminated string" (it's a really brief pop up and it >> >doesn't always display the text). >> > >> >thanks, >> >-k >> > >> >On Fri, Jul 19, 2013 at 01:26:14AM +0000, Basney, Jim wrote: >> >> Hi Karen, >> >> >> >> My only guess is that your oa4mp server is configured to look in a >> >> different store for your clients and clientApprovals than where you >> >>wrote >> >> the clientApprovals using oa4mp-approver.jar. What are the contents >>of >> >>the >> >> OA4MP config file pointed to by the oa4mp:server.config.file property >> >>and >> >> is that the same config file you're using with oa4mp-approver.jar to >> >> approve the client? Are you using mysql, postgresql, fileStore, or >> >> memoryStore for clients and clientApprovals? >> >> >> >> I'm Ccing Jeff Gaynor who may be able to provide additional >>assistance. >> >> >> >> Documentation references: >> >> >> >>>>http://grid.ncsa.illinois.edu/myproxy/oauth/server/configuration/server >>>>-c >> >>on >> >> figuration-file.xhtml >> >> >>http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd.xhtml >> >> >> >>>>http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd-conte >>>>nt >> >>-t >> >> ags.xhtml >> >> >> >>>>http://grid.ncsa.illinois.edu/myproxy/oauth/server/manuals/manually-app >>>>ro >> >>vi >> >> ng-clients.xhtml >> >> >> >> -Jim >> >> >> >> On 7/18/13 8:12 PM, "Karen M. Fernsler" <[email protected]> wrote: >> >> >Hi, >> >> > >> >> >A few weeks ago we approved globusonline as a client for use with >>our >> >> >oauth server. >> >> > >> >> >Up until very recently it was working just fine, but suddenly the >> >>server >> >> >appears to be >> >> >claiming that the client isn't approved: >> >> > >> >> >Jul 18, 2013 6:04:35 PM >> >>edu.uiuc.ncsa.security.core.util.MyLoggingFacade >> >> >error >> >> >SEVERE: oa4mp(Thu Jul 18 18:04:35 PDT 2013): INTERNAL ERROR: Error: >>The >> >> >client with identifier "myproxy:oa4mp,2012:/client/[....]" has not >>been >> >> >approved. Request rejected. Please contact your administrator. >> >> >Jul 18, 2013 6:04:35 PM >> >>edu.uiuc.ncsa.security.core.util.MyLoggingFacade >> >> >error >> >> >SEVERE: oa4mp(Thu Jul 18 18:04:35 PDT 2013): >> >> >edu.uiuc.ncsa.security.delegation.server.UnapprovedClientException: >> >> >Error: The client with identifier "myproxy:oa4mp,2012:/client/[ ... >>]" >> >> >has not been approved. Request rejected. Please contact your >> >>administrator >> >> > >> >> > >> >> >Has anyone run into this before? >> >> >Any ideas what to look for? >> >> > >> >> >We have tried re-approving the client to no avail. >> >> > >> >> >thanks, >> >> >-k
