Hi all,
I am trying to follow the CAS docs to configure a service to return jwt's but not having much success. Docs I am reading on this: https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/ (JWT Service Tickets portion) My cas.properties has: cas.authn.token.crypto.enabled=true cas.authn.token.crypto.encryptionEnabled=true cas.authn.token.crypto.signing.key=/etc/cas/config/token-signing.jwk cas.authn.token.crypto.signing.keySize=512 cas.authn.token.crypto.encryption.key=/etc/cas/config/token-encryption.jwk cas.authn.token.crypto.encryption.keySize=256 cas.authn.token.crypto.alg=AES jwk's generated per docs: wget https://raw.githubusercontent.com/apereo/cas/master/etc/jwk-gen.jar java -jar jwk-gen.jar -t oct -s 512 >/etc/cas/config/token-signing.jwk java -jar jwk-gen.jar -t oct -s 256 >/etc/cas/config/token-encryption.jwk $ file /etc/cas/config/token* /etc/cas/config/token-encryption.jwk: ASCII text /etc/cas/config/token-signing.jwk: ASCII text Using maven overlay, my pom.xml has the rest snippet: <dependency> <groupId>org.apereo.cas</groupId> <artifactId>cas-server-support-token-tickets</artifactId> <version>${cas.version}</version> </dependency> My service has the jwt as ticket property: properties: { @class: java.util.LinkedHashMap jwtAsServiceTicket: { @class: org.apereo.cas.services.DefaultRegisteredServiceProperty values: [ java.util.HashSet [ "true" ] ] } } In the CAS CLI I can generate a jwt that appears valid. But when I use my service via web browser I see no header or cookie referencing a ticket with JWT- prefix, nor a jwt formatted base64 string, I just see the normal ST- ticket. I'm using a simple tomcat webapp wit cas client filters and java-cas-client 3.5.0. Anyone made JWT's work yet for cas 5.2.3? Any idea what step I missed? Thanks, William -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ce63d92-fef6-41c4-9167-9c388f73d3e7%40apereo.org.
