Re: [cas-user] Re: JWT without encryption key

2018-12-14 Thread Giuseppe Infurna

I'm using the io.jsonwebtoken.jjwt library

Jwts.parser().setSigningKey().parseClaimsJws();



On Friday, 14 December 2018 at 14:02:14 UTC+1, Devendra Sisodia wrote:
>
> Hello,
>
> Big thanks for sharing the configuration; as a result the JWT is not encrypted
> and only signed.
>
> But now I face a strange issue. When I try to verify the signature it fails. I
> am using AES and a single key to sign, and the JWT is generated. But the generated
> JWT fails signature verification.
>
> JWT generated as below:
> 2018-12-14 12:33:00,684 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] 
> - http://localhost:/api] in service registry>
> 2018-12-14 12:33:00,685 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] 
> -  http://localhost:/api] in service registry>
> 2018-12-14 12:33:00,690 WARN 
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  enabled for [Token/JWT Tickets]. The cipher 
> [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce 
> signed objects>
> 2018-12-14 12:33:00,690 WARN 
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  enabled for [Token/JWT Tickets]. The cipher 
> [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain 
> objects>
> 2018-12-14 12:33:00,690 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] 
> -  http://localhost:/api]>
> 2018-12-14 12:33:00,734 DEBUG 
> [org.apereo.cas.authentication.principal.DefaultResponse] -  for redirect response is [http://localhost:/api]>
> 2018-12-14 12:33:00,736 DEBUG 
> [org.apereo.cas.authentication.principal.DefaultResponse] -  response is [
> http://localhost:/api?redirect=true=eyJhbGciOiJSUzUxMiJ9
>
> Verification code used is:
> final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));
>
> final JsonWebSignature jws = new JsonWebSignature();
> jws.setCompactSerialization(secureJwt);
> jws.setKey(key);
> if (!jws.verifySignature()) {
>     throw new Exception("JWT verification failed");
> }
>
> On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna wrote:
>
>>
>> yes
>>
>>
>> ###Token/JWT Tickets ENCRYPTION
>> cas.authn.token.crypto.enabled=true
>>
>> cas.authn.token.crypto.signing-enabled=true
>> cas.authn.token.crypto.signing.key=Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>>
>> cas.authn.token.crypto.encryption-enabled=false
>> cas.authn.token.crypto.encryption.key=
>>
>> and 
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
>>   "name" : "myApplication",
>>   "theme" : "myApplication",
>>   "id" : 1003,
>>   "description" : "My Application",
>>   "evaluationOrder" : 1,
>>   "usernameAttributeProvider" : {
>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>>   },
>>   "attributeReleasePolicy" : {
>>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>   },
>>   "accessStrategy" : {
>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "enabled" : true,
>>     "ssoEnabled" : true
>>   },
>>   "proxyPolicy" : {
>>     "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>>     "pattern" : "^(http|https)?://.*"
>>   },
>>   "properties" : {
>>     "@class" : "java.util.HashMap",
>>     "jwtAsServiceTicket" : {
>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>       "values" : [ "java.util.HashSet", [ "true" ] ]
>>     }
>>   }
>> }
>>
>>
>>
>> On Thursday, 13 December 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>>>
>>> Sorry, but this does not work.
>>> What does your service (the one with the definition of 'jwtAsServiceTicket',
>>> etc.) look like?
>>>
>>>
>>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna  
>>> wrote:
>>>
>>>> Hi all,
>>>>  I'm working fine with
>>>>
>>>> cas.authn.token.crypto.encryption-enabled=false
>>>> cas.authn.token.crypto.encryption.key=
>>>>
>>>>
>>>> On Monday, 12 November 2018 at 16:44:10 UTC+1, Xavier Rodríguez wrote:
>>>>>
>>>>> I'm configuring CAS Server 5.3.3. In one service I need to respond with a
>>>>> JWT without encryption. Is it possible?
>>>>>
>>>>> I have changed in cas.properties:
>>>>>
>>>>> cas.authn.token.crypto.encryptionEnabled=false
>>>>>
>>>>> But it has no effect. In my service I don't configure the property
>>>>> either:
>>>>>
>>>>> "jwtAsServiceTicketEncryptionKey"
>>>>>
>>>>> How can I disable this property?
>>>>>
>>>>> Regards!
>>>>>
>>>>> - Xavier -
>>>>>
 -- 
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 --- 
 You received this message because you are subscribed to the Google 
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send 
 an email to cas-user+u...@apereo.org.
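
An added diagnostic example, not code from this thread or from the CAS project: it reads the `alg` value from a compact JWS header before choosing a key, and applies a shared-secret (HMAC) check only when the header names an HS* algorithm. The class and method names and the demo secret are assumptions; the only value taken from the thread is the header segment `eyJhbGciOiJSUzUxMiJ9` from the log line, which decodes to `{"alg":"RS512"}`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class JwsAlgCheck {
    private static final Pattern ALG = Pattern.compile("\"alg\"\\s*:\\s*\"([^\"]+)\"");
    // Returns the "alg" value from the protected header of a compact JWS.
    static String headerAlg(String compactJws) {
        byte[] raw = Base64.getUrlDecoder().decode(compactJws.split("\\.")[0]);
        Matcher m = ALG.matcher(new String(raw, StandardCharsets.UTF_8));
        if (!m.find()) throw new IllegalArgumentException("no alg in JWS header");
        return m.group(1);
    }

    // Verifies HS256/HS384/HS512 only; any other alg needs a public key, not a shared secret.
    static boolean verifyHmac(String compactJws, byte[] secret) throws Exception {
        String alg = headerAlg(compactJws);
        if (!alg.matches("HS(256|384|512)")) {
            throw new IllegalStateException("alg=" + alg + " is not HMAC; verify with the signer's public key");
        }
        String[] parts = compactJws.split("\\.");
        if (parts.length != 3) throw new IllegalArgumentException("expected 3 segments");
        byte[] expected = hmac(alg, secret, parts[0] + "." + parts[1]);
        // Constant-time comparison of the recomputed and the presented signature.
        return MessageDigest.isEqual(expected, Base64.getUrlDecoder().decode(parts[2]));
    }

    static byte[] hmac(String alg, byte[] secret, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA" + alg.substring(2));
        mac.init(new SecretKeySpec(secret, mac.getAlgorithm()));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-demo-secret".getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        // Constructed HS512 token, signed here so the example runs offline.
        String input = enc.encodeToString("{\"alg\":\"HS512\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        String hs512 = input + "." + enc.encodeToString(hmac("HS512", secret, input));
        System.out.println("HS512 token verifies: " + verifyHmac(hs512, secret));
        // Header segment as shown in the thread's log line; payload and signature are constructed.
        String fromLog = "eyJhbGciOiJSUzUxMiJ9" + ".e30.AA";
        System.out.println("alg in logged header: " + headerAlg(fromLog));
        try { verifyHmac(fromLog, secret); } catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

Pinning the accepted algorithm on the verifier side, rather than trusting whatever the header announces, keeps a token with an unexpected `alg` from being checked against the wrong kind of key.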
 

Re: [cas-user] Re: JWT without encryption key

2018-12-14 Thread Devendra Sisodia
Hello,

Big thanks for sharing the configuration; as a result the JWT is not encrypted
and only signed.

But now I face a strange issue. When I try to verify the signature it fails. I am
using AES and a single key to sign, and the JWT is generated. But the generated JWT
fails signature verification.

JWT generated as below:
2018-12-14 12:33:00,684 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api] in service registry>
2018-12-14 12:33:00,685 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api] in service registry>
2018-12-14 12:33:00,690 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-12-14 12:33:00,690 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-12-14 12:33:00,690 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api
]>
2018-12-14 12:33:00,734 DEBUG
[org.apereo.cas.authentication.principal.DefaultResponse] - http://localhost:/api]>
2018-12-14 12:33:00,736 DEBUG
[org.apereo.cas.authentication.principal.DefaultResponse] - http://localhost:/api?redirect=true=eyJhbGciOiJSUzUxMiJ9

Verification code used is:
final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));

final JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(secureJwt);
jws.setKey(key);
if (!jws.verifySignature()) {
    throw new Exception("JWT verification failed");
}

On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna 
wrote:

>
> yes
>
>
> ###Token/JWT Tickets ENCRYPTION
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.token.crypto.signing.key=Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
> and
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
>   "name" : "myApplication",
>   "theme" : "myApplication",
>   "id" : 1003,
>   "description" : "My Application",
>   "evaluationOrder" : 1,
>   "usernameAttributeProvider" : {
>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>   },
>   "attributeReleasePolicy" : {
>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   "accessStrategy" : {
>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>     "enabled" : true,
>     "ssoEnabled" : true
>   },
>   "proxyPolicy" : {
>     "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>     "pattern" : "^(http|https)?://.*"
>   },
>   "properties" : {
>     "@class" : "java.util.HashMap",
>     "jwtAsServiceTicket" : {
>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>       "values" : [ "java.util.HashSet", [ "true" ] ]
>     }
>   }
> }
>
>
>
> On Thursday, 13 December 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>>
>> Sorry, but this does not work.
>> What does your service (the one with the definition of 'jwtAsServiceTicket',
>> etc.) look like?
>>
>>
>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna 
>> wrote:
>>
>>> Hi all,
>>>  I'm working fine with
>>>
>>> cas.authn.token.crypto.encryption-enabled=false
>>> cas.authn.token.crypto.encryption.key=
>>>
>>>
>>> On Monday, 12 November 2018 at 16:44:10 UTC+1, Xavier Rodríguez wrote:
>>>>
>>>> I'm configuring CAS Server 5.3.3. In one service I need to respond with a
>>>> JWT without encryption. Is it possible?
>>>>
>>>> I have changed in cas.properties:
>>>>
>>>> cas.authn.token.crypto.encryptionEnabled=false
>>>>
>>>> But it has no effect. In my service I don't configure the property either:
>>>>
>>>> "jwtAsServiceTicketEncryptionKey"
>>>>
>>>> How can I disable this property?
>>>>
>>>> Regards!
>>>>
>>>> - Xavier -
