I realized that it was because of different algorithm types. Spring 
resource server uses HMACSHA256 by default when using a symmetric key, but CAS 
sends HMACSHA512. So I updated the accessTokenConverter() method like below:

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        String key = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
        // CAS signs with HMACSHA512; setSigningKey() would build an HMACSHA256 verifier instead
        SignatureVerifier sha512Verifier = new MacSigner("HMACSHA512", new SecretKeySpec(key.getBytes(), "HMACSHA512"));
        converter.setVerifier(sha512Verifier);
        return converter;
    }

On Friday, 29 May 2020 at 16:41:33 UTC+3, denizg wrote:

> Hello, is there anybody that verifies JWT with Spring resource server? I 
> have a configuration like this. When I use a custom OAuth2 server, it works 
> well, but when I change to the CAS OAuth2 server, it cannot verify the JWT.
>
> cas oauth2
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.oauth.crypto.signing.key=RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
>
> spring resource server config
>
>
> @Configuration
> @EnableResourceServer
> public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
>
>     private String signKey = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
>
>
>     @Bean
>     public JwtAccessTokenConverter accessTokenConverter() {
>         JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
>         converter.setSigningKey(signKey);
>         return converter;
>     }
>
>     @Bean
>     public TokenStore tokenStore() {
>         return new JwtTokenStore(accessTokenConverter());
>     }
>
>     @Bean
>     @Primary
>     public DefaultTokenServices tokenServices() {
>         DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
>         defaultTokenServices.setTokenStore(tokenStore());
>         return defaultTokenServices;
>     }
>
> }
>
>
