Hi Alexandre,

You should try tracing with FINEST, at least for
org.apache.shindig.gadgets.oauth2.* and
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet

Your exception is strange to me ...
org.apache.shindig.social.core.oauth2.OAuth2Exception, that's coming from
the OAuth2 provider.

If it's in the provider I'd suggest tracing FINEST on
org.apache.shindig.social.core.oauth2.* as well.


On Wed, Mar 20, 2013 at 2:36 PM, alexandre kettaneh <
alexandre.ketta...@phloeme.com> wrote:

> Hello,
> I'm trying to make OAuth work between Shindig 2.5.0 beta 5 and a CAS
> Jasig Server 3.5.2 with OAuth Server support.
> The OAuth samples work great out of the box, using Shindig OAuth provider
> or Google's.
>
> But when I use my CAS Server everything seems to work until the last part
> of the OAuth flow where I get an error on SHINDIG:
>
> "
> INFO: The security token or credential is malformed and cannot be parsed.
> org.apache.shindig.social.core.oauth2.OAuth2Exception: Access token is
> invalid.
> "
> Shindig & CAS are deployed on 2 different servers & I stored CAS
> Certificate into Shindig's server Java Keystore.
>
> When opening the session on the CAS Server, I can see in the console:
> "
> =============================================================
> WHO: [username: john.doe]
> WHAT:
> TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Mar 20 18:11:28 CET 2013
> CLIENT IP ADDRESS: XXXXXXXXXXx
> SERVER IP ADDRESS: YYYYYYYYYY
> =============================================================
> "
> The Service Ticket is found when AccessToken is called & CAS returns the
> TGT back to Shindig.
> This is where I get the Shindig Error with "The security
> token.....malformed and cannot be passed"
>
>
> I tried to log everything using FINE log level but I can see only this
> INFO message related to the token problem.
> I don't know if the ticket provided by CAS is good (
> TGT-20-zRf9RNnl7VFf7qAa3nQRm6p1rI6LxGKufN6OaF5mATI4N7c7if-cas.phloeme.com)
> or if I have a credential problem.
> I also defined a shindig.signing.state-key: is there a link?
> My OAuth client config in oauth2.json is:
>          "providerName"  : "shindigOAuth2Provider",
>          "redirect_uri"  : "%origin%%contextRoot%/gadgets/oauth2callback",
>          "type"          : "confidential",
>          "grant_type"    : "code",
>          "client_id"     : "shindigClient",
>          "client_secret" : "phloemesecret"
> The OAuth provider config in oauth2.json is:
>          "client_authentication" : "STANDARD",
>          "usesAuthorizationHeader" : "false",
>          "usesUrlParameter" : "true",
>          "endpoints" : {
>             "authorizationUrl"   : "https://xxxxxxxxx/cas/oauth2.0/authorize",
>             "tokenUrl"           : "https://xxxxxxxxx/cas/oauth2.0/accessToken"
>
> I'm stuck... any idea?
> Thanks for your answers
>
> Regards,
>
> Alexandre
>

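The FINEST tracing suggested in the reply, written out as a java.util.logging configuration. This is an added example, not part of the original thread or of Shindig's shipped configuration. It assumes the servlet container uses the stock JUL LogManager, that the file is loaded with `-Djava.util.logging.config.file=<path>` (placeholder path), and that Shindig names its loggers after its classes.

```properties
# Constructed logging.properties (added example, not Shindig's own file).
# Assumption: loaded via -Djava.util.logging.config.file=<path to this file>

handlers = java.util.logging.ConsoleHandler

# Handlers filter independently of loggers. ConsoleHandler defaults to INFO,
# so FINE/FINEST records are dropped at the handler unless its own level
# is lowered too, even when the loggers below allow them.
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter

# Keep everything else at INFO so the trace stays readable.
.level = INFO

# OAuth2 consumer side (gadget container) and the callback servlet
org.apache.shindig.gadgets.oauth2.level = FINEST
org.apache.shindig.gadgets.servlet.OAuth2CallbackServlet.level = FINEST

# OAuth2 provider side, where OAuth2Exception is raised
org.apache.shindig.social.core.oauth2.level = FINEST

# Return these loggers to INFO after debugging: trace-level output from
# OAuth code paths can contain tokens and other credentials.
```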