You might check out the server configuration section of the CAS deployment guide that David Curry has put together https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html. My guess is that there is a slight mistake in what you are currently doing and perhaps if you go through David’s step-by-step it will show you what is off in your current approach.
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Curtis Ruck
Sent: Thursday, September 13, 2018 4:01 PM
To: CAS Community <cas-user@apereo.org>
Subject: [cas-user] Re: encryption and signing key generation

The problem is due to the chicken and egg issue. I need to prepopulate the cas.properties, so the service can start up and work (without human intervention). I'm trying my best to avoid having to start a service, parse the logs, and modify config, then restart the service.

The documentation seems very light on these keys.

On Thursday, September 13, 2018 at 10:03:02 AM UTC-4, William E. wrote:

+1 I ended up grabbing values from the cas startup logs and setting in my cas.properties. Seems to work.

On Wednesday, September 12, 2018 at 3:34:32 PM UTC-5, Curtis Ruck wrote:

So I'm trying to automate the generation and persistence of the cas.tgc.crypto and cas.webflow.crypto encryption and signing keys.

I'm using the jwk-gen.jar, and when I store the key in cas.properties, I end up with "Invalid AES key length: 43 bytes" when trying to access the login page. If I let CAS generate a key, it's the same exact string length (43 bytes).

What is different between my key versus cas's generated keys?

Then I'm extracting the k value from the json, and inserting it into my cas.properties.

java -jar jwk-gen.jar -t oct 256 -o tgc-enc.jwks
java -jar jwk-gen.jar -t oct 512 -o tgc-sig.jwks
java -jar jwk-gen.jar -t oct 256 -o webflow-enc.jwks
java -jar jwk-gen.jar -t oct 512 -o webflow-sig.jwks

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/16619ee4-f77f-4436-9237-5a0e812bd17f%40apereo.org.
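
A length check for the `k` values discussed in this thread, as an added example that is not part of the original messages and is not CAS or jwk-gen code: it builds a constructed oct JWK set, extracts `k`, and compares the length of the base64url text with the length of the decoded key. The helper names are hypothetical, and reading the 43 in the quoted error as the character count of the undecoded string is an assumption, not something the thread confirms.

```python
import base64
import json
import secrets

AES_KEY_BYTES = (16, 24, 32)  # the only key sizes AES accepts

def make_oct_jwks(bits):
    """Constructed sample input: a JWK set with one random oct key.
    Per RFC 7518 the 'k' member is the key value in unpadded base64url."""
    raw = secrets.token_bytes(bits // 8)
    k = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return json.dumps({"keys": [{"kty": "oct", "k": k}]})

def extract_k(jwks_text):
    """Return 'k' from the first oct key of a JWK or a JWK set."""
    doc = json.loads(jwks_text)
    keys = doc["keys"] if "keys" in doc else [doc]
    for key in keys:
        if key.get("kty") == "oct":
            return key["k"]
    raise ValueError("no oct key found")

def b64url_decode(text):
    """Decode unpadded base64url text; stray characters raise an error."""
    padded = text + "=" * (-len(text) % 4)
    return base64.b64decode(padded, altchars=b"-_", validate=True)

def describe(k):
    """Compare the size of the text form with the size of the decoded key."""
    text_len = len(k.encode("ascii"))   # what a consumer sees if it never decodes
    raw_len = len(b64url_decode(k))     # the actual key material
    return {
        "text_bytes": text_len,
        "decoded_bytes": raw_len,
        "decoded_bits": raw_len * 8,
        "text_is_aes_size": text_len in AES_KEY_BYTES,
        "decoded_is_aes_size": raw_len in AES_KEY_BYTES,
    }

if __name__ == "__main__":
    for bits in (256, 512):
        print(bits, describe(extract_k(make_oct_jwks(bits))))
```

A 256-bit key is always 43 characters in this encoding, so two strings of identical length say nothing about whether the consumer decodes them before use.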