[cas-user] CAS 5.2 return JWT for service

2018-04-11 Thread William E.
Hi all,


I am trying to follow the CAS docs to configure a service to return jwt's 
but not having much success. 

Docs I am reading on this:

 
https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html
 
 https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/ (JWT Service 
Tickets portion)


My cas.properties has:

cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signing.key=/etc/cas/config/token-signing.jwk
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=/etc/cas/config/token-encryption.jwk
cas.authn.token.crypto.encryption.keySize=256
cas.authn.token.crypto.alg=AES


jwk's generated per docs:

wget https://raw.githubusercontent.com/apereo/cas/master/etc/jwk-gen.jar
java -jar jwk-gen.jar -t oct -s 512 >/etc/cas/config/token-signing.jwk
java -jar jwk-gen.jar -t oct -s 256 >/etc/cas/config/token-encryption.jwk

$ file /etc/cas/config/token*
/etc/cas/config/token-encryption.jwk: ASCII text
/etc/cas/config/token-signing.jwk: ASCII text


Using maven overlay, my pom.xml has the rest snippet:


<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-token-tickets</artifactId>
    <version>${cas.version}</version>
</dependency>



My service has the jwt as ticket property:

properties:
{
  @class: java.util.LinkedHashMap
  jwtAsServiceTicket:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceProperty
    values:
    [
      java.util.HashSet
      [
        "true"
      ]
    ]
  }
}

In the CAS CLI I can generate a jwt that appears valid. But when I use my 
service via web browser I see no header or cookie referencing a ticket with 
JWT- prefix, nor a jwt formatted base64 string, I just see the normal ST- 
ticket. I'm using a simple tomcat webapp with cas client filters and 
java-cas-client 3.5.0. 

Anyone made JWT's work yet for cas 5.2.3?  Any idea what step I missed?

Thanks,
William


-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/2ce63d92-fef6-41c4-9167-9c388f73d3e7%40apereo.org.
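
An added example (not part of the original post and not CAS code) of two sanity checks for the setup described above: confirming that a generated oct JWK holds a secret of the configured keySize, and telling an opaque ST- ticket from a compact JWS/JWE string. It assumes each .jwk file is a bare JSON JWK object and that keySize is counted in bits; all sample keys and tickets are constructed.

```python
import base64
import json

def b64url_decode(segment):
    """Decode base64url, restoring the padding JWK/JWT encodings strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    """Encode bytes as unpadded base64url (used only to build the samples)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwk_oct_bits(jwk_text):
    """Secret length in bits of a symmetric (kty=oct) JWK given as JSON text."""
    jwk = json.loads(jwk_text)
    if not isinstance(jwk, dict) or jwk.get("kty") != "oct" or "k" not in jwk:
        raise ValueError("not a symmetric (kty=oct) JWK")
    return len(b64url_decode(jwk["k"])) * 8

def classify_ticket(value):
    """Tell an opaque ST- ticket from a compact JWS (3 parts) or JWE (5 parts)."""
    if value.startswith("ST-"):
        return {"kind": "opaque-service-ticket", "alg": None}
    parts = value.split(".")
    kind = {3: "jws", 5: "jwe"}.get(len(parts))  # RFC 7515 / RFC 7516
    try:
        header = json.loads(b64url_decode(parts[0])) if kind else None
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        header = None
    if not isinstance(header, dict):
        return {"kind": "unknown", "alg": None}
    return {"kind": kind, "alg": header.get("alg")}

# Constructed sample inputs (not real keys or tickets).
SAMPLE_SIGNING_JWK = json.dumps({"kty": "oct", "k": b64url_encode(bytes(range(64)))})
SAMPLE_ENCRYPTION_JWK = json.dumps({"kty": "oct", "k": b64url_encode(bytes(range(32)))})
SAMPLE_ST = "ST-1-constructed-example-cas01"
SAMPLE_JWS = ".".join(b64url_encode(p) for p in (
    b'{"alg":"HS512"}', b'{"sub":"constructed-user"}', b"dummy-signature"))

if __name__ == "__main__":
    # Compare these with signing.keySize=512 and encryption.keySize=256.
    print(jwk_oct_bits(SAMPLE_SIGNING_JWK), jwk_oct_bits(SAMPLE_ENCRYPTION_JWK))
    print(classify_ticket(SAMPLE_ST))
    print(classify_ticket(SAMPLE_JWS))
```

The classifier only inspects the shape and protected header of the value; it does not verify a signature or decrypt anything.
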


Re: [cas-user] CAS 5.2 return JWT for service

2018-04-11 Thread Cristina Vlaicu
Rhfbc
