Hi All, I am using CAS 4.2.7 and the delegate authentication does not appear to be working properly. I got the exact same results using the demo https://github.com/casinthecloud/cas-pac4j-oauth-demo/tree/4.2.x. In both cases twitter works and facebook does not. Clicking the facebook link properly takes the user to Facebook, and the user can click approve and then it forwards back to CAS and displays the server error page.
The relevant log entries are: 2017-08-10 15:07:19,943 DEBUG [org.springframework.webflow.execution.ActionExecutor] - Executing org.jasig.cas.support.pac4j.web.flow.ClientAction@6c59325f 2017-08-10 15:07:19,944 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - sessionState : yZkhX8vavT / stateParameter : yZkhX8vavT 2017-08-10 15:07:19,944 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - verifier : AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68 2017-08-10 15:07:19,965 DEBUG [org.pac4j.oauth.client.FacebookClient] - credentials : <OAuthCredentials> | requestToken: null | token: null | verifier: AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68 | clientName: FacebookClient | 2017-08-10 15:07:19,966 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - verifier : AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68 2017-08-10 15:07:20,900 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: org.jasig.cas.authentication.principal.ClientCredential@62d12aca WHAT: Supplied credentials: [org.jasig.cas.authentication.principal.ClientCredential@62d12aca] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Thu Aug 10 15:07:20 CDT 2017 CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 SERVER IP ADDRESS: 0:0:0:0:0:0:0:1 ============================================================= 2017-08-10 15:07:20,905 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - Attempting to handle [org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.jasig.cas.support.pac4j.web.flow.ClientAction@6c59325f in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause [org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract a token from this: '{"access_token":"EAAJuVu68W5sBAE8aNvzKSZCyZBACpRS3rMjIxw06KojA2AcOkt5ZAWY654nYjOXaAbOFciOX0XsaKf8RVTSlXaUn8iOUpJoZAWXGfmucqeets3OFWnmInjXQ4ZAsZBa5eSpkB6Hv9jKp4FfSXyX0JmORPnENj0eNgiBwUxBQnuEQZDZD","token_type":"bearer","expires_in":5183856}'] Does anyone have any suggestions? Thanks, Nancy CONFIDENTIALITY NOTICE: This e-mail, including any attachments, may contain confidential, privileged and/or proprietary information which is solely for the use of the intended recipient(s). Any review, use, disclosure or retention by others is strictly prohibited. If you are not an intended recipient, please contact the sender and delete this e-mail, any attachments and all copies. Permanent General Assurance Corporation | Permanent General Assurance Corporation of Ohio | The General Automobile Insurance Company, Inc. | Home Office: 2636 Elm Hill Pike, Nashville, TN 37214 -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebe11493a6df4fe9aa8f79226c1c147a%40TGI-EX13MBX01.pgac.com.