Hello,
Big thanks for sharing the configuration; as a result the JWT is not encrypted
and only signed.
But now I face a strange issue. When I try to verify the signature, it fails. I am
using AES and a single key to sign, and the JWT is generated. But the generated JWT
fails signature verification.
JWT generated as below:
2018-12-14 12:33:00,684 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api] in service registry>
2018-12-14 12:33:00,685 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api] in service registry>
2018-12-14 12:33:00,690 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] -
2018-12-14 12:33:00,690 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] -
2018-12-14 12:33:00,690 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api
]>
2018-12-14 12:33:00,734 DEBUG
[org.apereo.cas.authentication.principal.DefaultResponse] - http://localhost:/api]>
2018-12-14 12:33:00,736 DEBUG
[org.apereo.cas.authentication.principal.DefaultResponse] - http://localhost:/api?redirect=true=eyJhbGciOiJSUzUxMiJ9
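Verification code used is:
import java.nio.charset.StandardCharsets;
import java.security.Key;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.AesKey;

// Build the verification key from the UTF-8 bytes of the signing key string
final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));
final JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(secureJwt);
jws.setKey(key);
if (!jws.verifySignature()) {
    throw new Exception("JWT verification failed");
}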
On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna
wrote:
>
> yes
>
>
> ###Token/JWT Tickets ENCRYPTION
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.token.crypto.signing.key=Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
> and
>
> {
> "@class" : "org.apereo.cas.services.RegexRegisteredService",
> "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
> "name" : "myApplication",
> "theme" : "myApplication",
> "id" : 1003,
> "description" : "My Application",
> "evaluationOrder" : 1,
> "usernameAttributeProvider" : {
> "@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
> },
> "attributeReleasePolicy" : {
> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
> },
> "accessStrategy" : {
> "@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
> "enabled" : true,
> "ssoEnabled" : true
> },
> "proxyPolicy" : {
> "@class" :
> "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
> "pattern" : "^(http|https)?://.*"
> },
> "properties" : {
> "@class" : "java.util.HashMap",
> "jwtAsServiceTicket" : {
> "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceProperty",
> "values" : [ "java.util.HashSet", [ "true" ] ]
> }
> }
> }
>
>
>
> On Thursday, 13 December 2018 at 14:55:49 UTC+1, Devendra Sisodia
> wrote:
>>
>> Sorry, but this does not work.
>> What does your service (the one with the definition of 'jwtAsServiceTicket', etc.)
>> look like?
>>
>>
>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna
>> wrote:
>>
>>> Hi all,
>>> It works fine for me with
>>>
>>> cas.authn.token.crypto.encryption-enabled=false
>>> cas.authn.token.crypto.encryption.key=
>>>
>>>
>>> On Monday, 12 November 2018 at 16:44:10 UTC+1, Xavier Rodríguez
>>> wrote:
>>>>
>>>> I'm configuring CAS Server 5.3.3. In one service I need to respond with a
>>>> JWT without encryption. Is it possible?
>>>>
>>>> I have changed in cas.properties:
>>>>
>>>> cas.authn.token.crypto.encryptionEnabled=false
>>>>
>>>> But it has no effect. In my service I don't configure this property either:
>>>>
>>>> "jwtAsServiceTicketEncryptionKey"
>>>>
>>>> How can I disable this property?
>>>>
>>>> Regards!
>>>>
>>>> - Xavier -
>>>>
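For the verification problem in the first message of this thread, an added example (not part of the thread and not CAS or jose4j code) showing how to check what a compact token is before verifying it: three dot-separated segments mean a signed JWS, five mean an encrypted JWE, and the first segment names the algorithm the verifier has to match. The key and token are constructed samples; the only value taken from the thread is the header segment from the DefaultResponse log line, which is base64url for {"alg":"RS512"}.

```python
import base64, hashlib, hmac, json

def b64url_decode(seg: str) -> bytes:
    # JOSE uses unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_token(token: str) -> dict:
    """Classify a compact token without trusting it: 3 segments = JWS (signed),
    5 segments = JWE (encrypted). Returns the kind and the header's alg/enc."""
    parts = token.split(".")
    kind = {3: "JWS", 5: "JWE"}.get(len(parts), "unknown")
    header = json.loads(b64url_decode(parts[0]))
    return {"kind": kind, "alg": header.get("alg"), "enc": header.get("enc")}

def verify_hs512(token: str, key: bytes) -> bool:
    """Verify an HS512 JWS. The verifier pins the algorithm: a token whose
    header names anything else is rejected instead of being tried anyway."""
    try:
        info = inspect_token(token)
        if info["kind"] != "JWS" or info["alg"] != "HS512":
            return False
        header_b64, payload_b64, sig_b64 = token.split(".")
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha512).digest()
        return hmac.compare_digest(expected, b64url_decode(sig_b64))
    except ValueError:  # malformed base64, JSON or non-ASCII input
        return False

def sign_hs512(payload: dict, key: bytes) -> str:
    # Helper used only to build the constructed sample below.
    head = b64url_encode(json.dumps({"alg": "HS512"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha512).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

# Constructed sample values (not the key or token from the thread).
SAMPLE_KEY = b"constructed-demo-key-" + b"0" * 43  # 64 bytes; RFC 7518 wants >= hash size
SAMPLE_JWS = sign_hs512({"sub": "casuser", "aud": "http://localhost/api"}, SAMPLE_KEY)
# Header segment exactly as it appears in the DefaultResponse log line above.
LOGGED_HEADER = "eyJhbGciOiJSUzUxMiJ9"

if __name__ == "__main__":
    print(inspect_token(SAMPLE_JWS))
    print(verify_hs512(SAMPLE_JWS, SAMPLE_KEY))
    print(inspect_token(LOGGED_HEADER)["alg"])
```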