hi, thanks for response. i am little confused. does cas generate an sign key automatically even if I have set the sign key?
here is my logs 2020-05-28 19:05:54,024 INFO [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.> 2020-05-28 19:05:54,082 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [OAuth20RegisteredServiceJwtAccessTokenCipherExecutor] will only attempt to produce signed objects> 2020-05-28 19:05:54,082 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OAuth20RegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects> 2020-05-28 19:05:54,205 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [OAuth JWT Access Tokens]. The cipher [OAuth20JwtAccessTokenCipherExecutor] will only attempt to produce signed objects> 2020-05-28 19:05:54,221 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [OAuth Registered Service]; CAS will attempt to auto-generate the encryption key> 2020-05-28 19:05:54,227 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [ouEwfe6zIZrXaCwlEH9XbWoiyl_0qQpFL8_V_onea3ZDULNWzDoGiP98UJ1dl7_6_oZrX_gNfrenfkiV0phhTg] of size [512] for [OAuth Registered Service]. The generated key MUST be added to CAS settings under setting [cas.authn.oauth.crypto.encryption.key].> 2020-05-28 19:05:54,228 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [OAuth Registered Service]. CAS will attempt to auto-generate the signing key> 2020-05-28 19:05:54,228 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - *<Generated signing key [B25RcIHvRQ2xo2Gr3ya5DxghyuZ444G4w6caZXek104E-iEGC2Yt0_k5LSzR0_9o50Jp-SElSoOYv1jh2Wn1ZQ] of size [512] for [OAuth Registered Service]. The generated key MUST be added to CAS settings under setting [cas.authn.oauth.crypto.signing.key].>* 2020-05-28 19:05:54,479 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for encryption is not defined for [Ticket-granting Cookie]; CAS will attempt to auto-generate the encryption key> 2020-05-28 19:05:54,479 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated encryption key [vE6fYU7pSHl9EmvAQ17N2DGQRH8tmIjlISnbf8AyGdg] of size [256] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.encryption.key].> 2020-05-28 19:05:54,480 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Secret key for signing is not defined for [Ticket-granting Cookie]. CAS will attempt to auto-generate the signing key> 2020-05-28 19:05:54,480 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Generated signing key [j8QmyBFDtPFDPSueg_GYnrldfmoXm1wvIXu87RjeJFF7Hw_Jc5AgBAix6rAxlHBozqj-WQvJcFCjYFqJerud3g] of size [512] for [Ticket-granting Cookie]. The generated key MUST be added to CAS settings under setting [cas.tgc.crypto.signing.key].> 2020-05-28 19:05:54,657 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined under [cas.webflow.crypto.signing.key]. CAS will attempt to auto-generate the signing key> 2020-05-28 19:05:54,657 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [YBvEOAbPAV4p6zm_ehZAXyqikjjHa6JTq8WKmMiW-aaYBjvj6MJlMHCI6022tXxGBtZIrbEfTbhMwSLs7H6QBw] of size [512]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.signing.key].> 2020-05-28 19:05:54,658 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for encryption is not defined under [cas.webflow.crypto.encryption.key]. CAS will attempt to auto-generate the encryption key> 2020-05-28 19:05:54,660 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [JWDyl33aY_xIGk60XwFF9g] of size [16]. The generated key MUST be added to CAS settings under setting [cas.webflow.crypto.encryption.key].> 2020-05-28 19:05:57,693 INFO [org.apereo.cas.web.CasWebApplication] - <Started CasWebApplication in 34.797 seconds (JVM running for 37.584)> 2020-05-28 19:05:57,701 INFO [org.apereo.cas.web.CasWebApplication] - <> 2020-05-28 19:05:57,701 INFO [org.apereo.cas.web.CasWebApplication] - < ____ _____ _ ______ __ | _ \| ____| / \ | _ \ \ / / | |_) | _| / _ \ | | | \ V / | _ <| |___ / ___ \| |_| || | |_| \_\_____/_/ \_\____/ |_| > i used this key in my resource server, but nothing changed, still validation error. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/88abbac6-db96-4460-9a16-b4e04d23ab1b%40apereo.org.