Hi Michele, Yes you are right, cas is not internally validating the JWT. The cas client which in my case is spring boot based web app which is using cas-client-autoconfig-support and with @EnableCasClient annotation. I am using the validation-type: CAS3 in the client. And when I authenticate against cas server, the cas is generating the JWT but the client is trying to validate the JWT like ST by sending it back to cas. Looks like the client is using Cas20ServiceTicketValidator to validate the JWT ticket which I think it should not. What changes did you do in client to not send it back to cas for validating ?
Thanks, srmudiganti On Wednesday, February 6, 2019 at 3:50:04 AM UTC-5, Michele Melluso wrote: > > Hi, > > cas is not supposed at all to internally validate the JWT, since it should > be generated by cas only after the ST is internally validated, (as its > shown on the documentation flow diagram). > > When it happened to me, it was because i was using a cas client which was > applying the cas protocol providing back the ticket argument to the > validation endpoint of cas. > Could you check that you are not using any cas client and provide your app > code that you are using to validate the jwt? > > regards > Michele > > On Monday, February 4, 2019 at 7:24:23 PM UTC+1, srmudigan wrote: >> >> Hi Michele, >> >> I have gone through the link. But before I implement reading the token on >> client side, i need to disable the validation happening on cas side. Could >> you help me how to disable the validation that's happening on cas as it's >> doing JWTvalidation like ST ticket ? It looks like after JWT is generated, >> it's getting validated on cas. The generated URL has >> redirected=true&ticket=JWT-ticket. May be that's causing the automatic >> validation ? It looks like the jwt ticket is not even reaching client. So >> can you please suggest how to stop the validation ? >> >> Thank you for your help. >> >> Regards, >> srmudiganti >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5e85a0e-bedb-4fb5-a722-1067430ac784%40apereo.org.
