pac4j delegate authentication on cas 4.2.7

[Nancy Snoke]

Hi All,

 

I am using CAS 4.2.7 and the delegate authentication does not appear to be working properly.  I got the exact same results using the demo https://github.com/casinthecloud/cas-pac4j-oauth-demo/tree/4.2.x.  In both cases twitter works and facebook does not.  Clicking the facebook link properly takes the user to Facebook, and the user can click approve and then it forwards back to CAS and displays the server error page.

 

The relevant log entries are:

2017-08-10 15:07:19,943 DEBUG [org.springframework.webflow.execution.ActionExecutor] - Executing org.jasig.cas.support.pac4j.web.flow.ClientAction@6c59325f

2017-08-10 15:07:19,944 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - sessionState : yZkhX8vavT / stateParameter : yZkhX8vavT

2017-08-10 15:07:19,944 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - verifier : AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68

2017-08-10 15:07:19,965 DEBUG [org.pac4j.oauth.client.FacebookClient] - credentials : <OAuthCredentials> | requestToken: null | token: null | verifier: AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68 | clientName: FacebookClient |

2017-08-10 15:07:19,966 DEBUG [org.pac4j.oauth.client.BaseOAuth20Client] - verifier : AQCPv6onxJSaI812-O16CADAq5xYRUJwKdNwUAnbO0RTSkoRKsblQZJblwOgAhat9Hx5IaBqVeBUWdfWqWl6tWbjqnfqD2di7vBO7pWQSDK81MUkxPujexdqPjXYF1bk2l_76DgidMF1DA4_GBU-BgL6xZwmu8ul0kEDZF-RoNJdzl8-yFHp4NPceGLG8MN_N9QyIGZnNDiHX_Ea22O3Me8UJWN0Gv2v_07AncE6Dojs22pqKJ2h4eWp4MfEFjjl67jiTTBbvgV9Hrdvhnzy0RCdn-7rK1PP1orYSjjgyzByuu27gEdFKUfBNfCIycZrH68

 

2017-08-10 15:07:20,900 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

=============================================================

WHO: org.jasig.cas.authentication.principal.ClientCredential@62d12aca

WHAT: Supplied credentials: [org.jasig.cas.authentication.principal.ClientCredential@62d12aca]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Thu Aug 10 15:07:20 CDT 2017

CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1

SERVER IP ADDRESS: 0:0:0:0:0:0:0:1

=============================================================

 

 

2017-08-10 15:07:20,905 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - Attempting to handle [org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.jasig.cas.support.pac4j.web.flow.ClientAction@6c59325f in state 'clientAction' of flow 'login' -- action execution attributes were 'map[[empty]]'] with root cause [org.scribe.exceptions.OAuthException: Response body is incorrect. Can't extract a token from this: '{"access_token":"EAAJuVu68W5sBAE8aNvzKSZCyZBACpRS3rMjIxw06KojA2AcOkt5ZAWY654nYjOXaAbOFciOX0XsaKf8RVTSlXaUn8iOUpJoZAWXGfmucqeets3OFWnmInjXQ4ZAsZBa5eSpkB6Hv9jKp4FfSXyX0JmORPnENj0eNgiBwUxBQnuEQZDZD","token_type":"bearer","expires_in":5183856}']

 

Does anyone have any suggestions?
Thanks,

Nancy

CONFIDENTIALITY NOTICE: This e-mail, including any attachments, may contain confidential, privileged and/or proprietary information which is solely for the use of the intended recipient(s). Any review, use, disclosure or retention by others is strictly prohibited. If you are not an intended recipient, please contact the sender and delete this e-mail, any attachments and all copies.

Permanent General Assurance Corporation | Permanent General Assurance Corporation of Ohio | The General Automobile Insurance Company, Inc. | Home Office: 2636 Elm Hill Pike, Nashville, TN 37214

[Nancy Snoke]

An update on my issue:  I found where there was a facebook update in March that is what makes the 4.2.7 facebook login not work anymore. 

 

So I tried the latest version of the social sign on casa demo project https://github.com/casinthecloud/cas-pac4j-oauth-demo/tree/master and that does not work either.  The twitter had an error after being redirected back to cas, and the redirect to facebook had facebook displaying an error.  This version uses cas 5.0.

 

Does anyone have social sign on working today in CAS and if so what version of CAS are you using?

 

Thanks,

Nancy

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ebe11493a6df4fe9aa8f79226c1c147a%40TGI-EX13MBX01.pgac.com.