[cas-user] Re: JWT without encryption key

2020-08-24 Thread denizg
I realized that it was because of different algorithm types. Spring 
resource server uses hmacsha256 by default when using a symmetric key, but CAS 
sends hmacsha512. So I updated the accessTokenConverter() method like below:

@Bean
public JwtAccessTokenConverter accessTokenConverter() {
    JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
    String key = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
    // Verify with HMAC-SHA512 (what CAS sends) instead of the default HMAC-SHA256.
    SignatureVerifier sha512Verifier = new MacSigner("HMACSHA512",
            new SecretKeySpec(key.getBytes(), "HMACSHA512"));
    converter.setVerifier(sha512Verifier);
    return converter;
}

On Friday, May 29, 2020 at 16:41:33 UTC+3, denizg wrote:

> Hello, is there anybody who verifies JWT with Spring resource server? I 
> have a configuration like this. When I use a custom OAuth2 server, it works 
> well. But when I change to the CAS OAuth2 server, it cannot verify the JWT.
>
> cas oauth2
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.oauth.crypto.signing.key=RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
>
> spring resource server config
>
>
> @Configuration
> @EnableResourceServer
> public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
>
> private String signKey = 
> "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
>
>
> @Bean
> public JwtAccessTokenConverter accessTokenConverter() {
> JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
> converter.setSigningKey(signKey);
> return converter;
> }
>
> @Bean
> public TokenStore tokenStore() {
> return new JwtTokenStore(accessTokenConverter());
> }
>
> @Bean
> @Primary
> public DefaultTokenServices tokenServices() {
> DefaultTokenServices defaultTokenServices = new 
> DefaultTokenServices();
> defaultTokenServices.setTokenStore(tokenStore());
> return defaultTokenServices;
> }
>
> }
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f3dd32a9-4def-4d3b-a4f1-5ec76ca971c7n%40apereo.org.


[cas-user] Re: JWT without encryption key

2020-05-29 Thread dg
Hello, is there anybody who verifies JWT with Spring resource server? I have 
a configuration like this. When I use a custom OAuth2 server, it works well. 
But when I change to the CAS OAuth2 server, it cannot verify the JWT.

cas oauth2
cas.authn.token.crypto.enabled=true

cas.authn.token.crypto.signing-enabled=true
cas.authn.oauth.crypto.signing.key=RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ
cas.authn.token.crypto.encryption-enabled=false
cas.authn.token.crypto.encryption.key=


spring resource server config


@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    private String signKey = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(signKey);
        return converter;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    @Bean
    @Primary
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

}



Re: [cas-user] Re: JWT without encryption key

2019-05-21 Thread Michele Melluso
Hi all,

I got a similar issue when I try to verify the JWT signature with several 
libraries including Node.js jsonwebtoken, since the library allows only 
base64url encoded tokens because of mentioned RFC7515.
With java-jwt library the token is correctly verified.

Debugging the code I found in CAS version 6.0 EncodingUtils.java:362 the 
following code:

    @SneakyThrows
361 public static byte[] signJws(final Key key, final byte[] value, final String algHeaderValue) {
362     val base64 = EncodingUtils.encodeBase64(value);
363     val jws = new JsonWebSignature();
364     jws.setEncodedPayload(base64);
365     jws.setAlgorithmHeaderValue(algHeaderValue);
366     jws.setKey(key);
367     jws.setHeader("typ", "JWT");
368     return jws.getCompactSerialization().getBytes(StandardCharsets.UTF_8);
369 }


Could it be convenient to use the base64url encoder in the same class 
instead? I've been trying to inject the patch into my overlay environment 
without success because of my poor Gradle skills.

best regards
Michele



On Monday, December 17, 2018 at 4:04:38 PM UTC+1, William E. wrote:
>
> I think the jwt as seen in the url as the value for the token parameter 
> has been url'ized by converting some characters to their html entity 
> values.  If you look at the same jwt as seen in the cas logs you will find 
> it does not have the html characters, it's pure base64.  If I use that 
> value or convert the token value to non-url safe characters, it will 
> validate with jose.
>
> However, although I can validate in jose in java and python, I cannot in 
> another python jwt library. I've been in direct contact with that 
> maintainer and they tell me the jwt built by cas may not be following 
> spec.  That the signature is being built with the base64, not base64-url 
> encoding.  Jose validates because it doesn't verify payload first.  I'm not 
> sure where the issue is for certain as I am no jwt expert.  Perhaps one of 
> the cas developers can weigh in?
>
> From the jwcrypto library maintainer:
>
> RFC7515 point 2:
>
> Base64url Encoding
> Base64 encoding using the URL- and filename-safe character set
> defined in Section 5 of RFC 4648 [RFC4648], with all trailing '='
> characters omitted (as permitted by Section 3.2) and without the
> inclusion of any line breaks, whitespace, or other additional
> characters. Note that the base64url encoding of the empty octet
> sequence is the empty string. (See Appendix C for notes on
> implementing base64url encoding without padding.)
>
>
> -W
>
>
> On Monday, December 17, 2018 at 6:10:51 AM UTC-6, Devendra Sisodia wrote:
>>
>> I am observing that extra non base64 char are appended to payload. If i 
>> remove them then I am able to verify signature. Can someone suggest if this 
>> is CAS issue or issue in my configurations ?
>>
>>
>> JWT:eyJhbGciOiJIUzUxMiJ9.[...]
>> %3D%3D
>> .WB71awCAFz2tsa1ZqoZnWacKKVAarjsylBuOvnetHf9CHsIFgYtg58-2hCbeJT-gMFlCzaolriDsks1bE_RIPw
>>
>> If I remove '%3D%3D' from JWT then verification succeeds. 
>>
>>
>>
>> On Sat, Dec 15, 2018 at 4:14 PM William E.  wrote:
>>
>>> I think you are seeing the discrepancy due to base64 vs. base64url 
>>> decoding.  I think the jwt spec. wants base64 url vs. plain base64.
>>>
>>> https://en.wikipedia.org/wiki/Base64#URL_applications
>>>
>>>
>>> On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote:

>>>> While decoding JWT there is error "Bad Base64 input character decimal 
>>>> 37 in array position 806" Which means 37(%) is not allowed in encoded base 
>>>> 64 string in JWT.
>>>>
>>>> My JWT looks like below and yellow highlighted is the 806th element 
>>>> that cannot be base 64 decode. 
>>>>
>>>> eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpdmVyYXNlINTg3In0%3D.
>>>> UmNz8ikEOFYqPgHRmZb1SK6A1pRFu48fSfYTasMGYHKtg7V8JepAfwunXwFeHsx5JTi4yKBug1Tq9PqfdY93lA
>>>>
>>>> On Fri, Dec 14, 2018 at 2:11 PM Giuseppe Infurna wrote:
>>>>
>>>>>
>>>>> i'm using io.jsonwebtoken.jjwt library
>>>>>
>>>>> Jwts.parser().setSigningKey().parseClaimsJws();
>>>>>
>>>>>
>>>>>
>>>>> On Friday, December 14, 2018 at 14:02:14 UTC+1, Devendra Sisodia wrote:
>>>>>>
>>>>>> Hello,
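
Added example (not part of the thread, and not CAS, Spring or jose4j code): a minimal HS256/HS512 compact-JWS signer and verifier that reproduces the two failures discussed in this thread, the padded or percent-encoded payload segment from the 2018 messages and the HS256/HS512 mismatch from the 2020 message. The key, claims and function names are constructed for illustration, and the plain_base64_payload switch models the behaviour the posters describe; it is an assumption, not a copy of CAS.

```python
import base64
import hashlib
import hmac
import json
import re
from urllib.parse import quote, unquote

HASHES = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}
B64URL_SEGMENT = re.compile(r"[A-Za-z0-9_-]+")  # RFC 7515: no '=', '+', '/' or '%'


def b64url(data: bytes) -> str:
    """base64url as RFC 7515 defines it: URL-safe alphabet, padding omitted."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def lenient_decode(segment: str) -> bytes:
    """Decode a segment in either alphabet, with or without padding."""
    s = segment.rstrip("=").replace("+", "-").replace("/", "_")
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign(key: bytes, claims: dict, alg: str, plain_base64_payload: bool = False) -> str:
    """Build a compact JWS; plain_base64_payload keeps '=' padding on the payload."""
    header = b64url(json.dumps({"alg": alg}, separators=(",", ":")).encode())
    body = json.dumps(claims, separators=(",", ":")).encode()
    payload = base64.b64encode(body).decode("ascii") if plain_base64_payload else b64url(body)
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), HASHES[alg]).digest()
    return f"{header}.{payload}.{b64url(mac)}"


def verify(key: bytes, token: str, expected_alg: str, strict: bool = True) -> dict:
    """Verify against a pinned algorithm; strict also enforces RFC 7515 encoding."""
    if expected_alg not in HASHES:
        raise ValueError("unsupported alg")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWS")
    if strict and not all(B64URL_SEGMENT.fullmatch(p) for p in parts):
        raise ValueError("segment is not unpadded base64url")
    header = json.loads(lenient_decode(parts[0]))
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        raise ValueError("unexpected alg")
    # The MAC covers the first two segments exactly as received, so any
    # re-encoding in transit (such as URL escaping) changes the signing input.
    signing_input = f"{parts[0]}.{parts[1]}".encode("ascii")
    expected = hmac.new(key, signing_input, HASHES[expected_alg]).digest()
    if not hmac.compare_digest(expected, lenient_decode(parts[2])):
        raise ValueError("signature mismatch")
    return json.loads(lenient_decode(parts[1]))


def outcome(key: bytes, token: str, alg: str, strict: bool) -> str:
    try:
        verify(key, token, alg, strict)
        return "ok"
    except ValueError as exc:
        return str(exc)


def demo() -> dict:
    key = b"constructed-demo-key-not-from-the-thread"  # constructed sample key
    claims = {"sub": "demo-user"}                       # constructed sample claims
    padded = sign(key, claims, "HS512", plain_base64_payload=True)
    in_url = quote(padded, safe=".")  # as seen in a redirect URL: '=' becomes %3D
    clean = sign(key, claims, "HS512")
    return {
        "url_copy_lenient": outcome(key, in_url, "HS512", strict=False),
        "decoded_lenient": outcome(key, unquote(in_url), "HS512", strict=False),
        "decoded_strict": outcome(key, unquote(in_url), "HS512", strict=True),
        "clean_strict": outcome(key, clean, "HS512", strict=True),
        "clean_pinned_hs256": outcome(key, clean, "HS256", strict=True),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

A verifier that only checks the MAC over the received segments accepts the padded token once it is URL-decoded, while one that enforces the RFC 7515 encoding rejects it, which matches the split between libraries reported above.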

Re: [cas-user] Re: JWT without encryption key

2018-12-15 Thread William E.
I think you are seeing the discrepancy due to base64 vs. base64url 
decoding.  I think the jwt spec. wants base64 url vs. plain base64.

https://en.wikipedia.org/wiki/Base64#URL_applications


On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote:
>
> While decoding JWT there is error "Bad Base64 input character decimal 37 
> in array position 806" Which means 37(%) is not allowed in encoded base 64 
> string in JWT.
>
> My JWT looks like below and yellow highlighted is the 806th element that 
> cannot be base 64 decode. 
>
> eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpdmVyYXNlINTg3In0%3D.
> UmNz8ikEOFYqPgHRmZb1SK6A1pRFu48fSfYTasMGYHKtg7V8JepAfwunXwFeHsx5JTi4yKBug1Tq9PqfdY93lA
>
> On Fri, Dec 14, 2018 at 2:11 PM Giuseppe Infurna wrote:
>
>>
>> i'm using io.jsonwebtoken.jjwt library
>>
>> Jwts.parser().setSigningKey().parseClaimsJws();
>>
>>
>>
>> On Friday, December 14, 2018 at 14:02:14 UTC+1, Devendra Sisodia wrote:
>>>
>>> Hello,
>>>
>>> Big Thanks for sharing configuration and as a result JWT is not 
>>> encrypted and only signed. 
>>>
>>> But now I face strange issue. when I try to verify signature it fails. I 
>>> am using AES and single key to sign and JWT is generated. But the generate 
>>> JWT fails signature verification.
>>>
>>> JWT generated as below:
>>> 2018-12-14 12:33:00,684 DEBUG 
>>> [org.apereo.cas.token.JWTTokenTicketBuilder] - >> http://localhost:/api] in service registry>
>>> 2018-12-14 12:33:00,685 DEBUG 
>>> [org.apereo.cas.token.JWTTokenTicketBuilder] - >> signing and encryption keys for [http://localhost:/api] in service 
>>> registry>
>>> 2018-12-14 12:33:00,690 WARN 
>>> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - >> enabled for [Token/JWT Tickets]. The cipher 
>>> [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce 
>>> signed objects>
>>> 2018-12-14 12:33:00,690 WARN 
>>> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - >> enabled for [Token/JWT Tickets]. The cipher 
>>> [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain 
>>> objects>
>>> 2018-12-14 12:33:00,690 DEBUG 
>>> [org.apereo.cas.token.JWTTokenTicketBuilder] - >> default global keys for [http://localhost:/api]>
>>> 2018-12-14 12:33:00,734 DEBUG 
>>> [org.apereo.cas.authentication.principal.DefaultResponse] - >> for redirect response is [http://localhost:/api]>
>>> 2018-12-14 12:33:00,736 DEBUG 
>>> [org.apereo.cas.authentication.principal.DefaultResponse] - >> response is [
>>> http://localhost:/api?redirect=true=eyJhbGciOiJSUzUxMiJ9
>>>
>>> Verification code used is:
>>> final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));
>>>
>>> final JsonWebSignature jws = new JsonWebSignature();
>>> jws.setCompactSerialization(secureJwt);
>>> jws.setKey(key);
>>> if (!jws.verifySignature()) {
>>> throw new Exception("JWT verification failed");
>>> }
>>>
>>> On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna  
>>> wrote:
>>>

>>>> yes
>>>>
>>>>
>>>> ###Token/JWT Tickets ENCRIPTION
>>>> cas.authn.token.crypto.enabled=true
>>>>
>>>> cas.authn.token.crypto.signing-enabled=true
>>>> cas.authn.token.crypto.signing.key=
>>>> Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>>>>
>>>> cas.authn.token.crypto.encryption-enabled=false
>>>> cas.authn.token.crypto.encryption.key=
>>>>
>>>> and 
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>   "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
>>>>   "name" : "myApplication",
>>>>   "theme" : "myApplication",
>>>>   "id" : 1003,
>>>>   "description" : "My Application",
>>>>   "evaluationOrder" : 1,
>>>>   "usernameAttributeProvider" : {
>>>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>>>>   },
>>>>   "attributeReleasePolicy" : {
>>>>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>>>   },
>>>>   "accessStrategy" : {
>>>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>>>>     "enabled" : true,
>>>>     "ssoEnabled" : true
>>>>   },
>>>>   "proxyPolicy" : {
>>>>     "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>>>>     "pattern" : "^(http|https)?://.*"
>>>>   },
>>>>   "properties" : {
>>>>     "@class" : "java.util.HashMap",
>>>>     "jwtAsServiceTicket" : {
>>>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>>>       "values" : [ "java.util.HashSet", [ "true" ] ]
>>>>     }
>>>>   }
>>>> }
>>>>
>>>>
>>>>
>>>> On Thursday, December 13, 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>>>>>
>>>>> Sorry, but this does not work.
>>>>> How's your service(one with definition of 'jwtAsServiceTicket', etc) 
>>>>> looks like ?
>>>>>
>>>>>
>>>>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna wrote:
>>>>>
>>>>>> Hi all,
>>>>>>  I'm work fine with
>>>>>>
>>>>>>

Re: [cas-user] Re: JWT without encryption key

2018-12-14 Thread Giuseppe Infurna

I'm using the io.jsonwebtoken.jjwt library

Jwts.parser().setSigningKey().parseClaimsJws();



On Friday, December 14, 2018 at 14:02:14 UTC+1, Devendra Sisodia wrote:
>
> Hello,
>
> Big Thanks for sharing configuration and as a result JWT is not encrypted 
> and only signed. 
>
> But now I face strange issue. when I try to verify signature it fails. I 
> am using AES and single key to sign and JWT is generated. But the generate 
> JWT fails signature verification.
>
> JWT generated as below:
> 2018-12-14 12:33:00,684 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] 
> - http://localhost:/api] in service registry>
> 2018-12-14 12:33:00,685 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] 
> -  http://localhost:/api] in service registry>
> 2018-12-14 12:33:00,690 WARN 
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  enabled for [Token/JWT Tickets]. The cipher 
> [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce 
> signed objects>
> 2018-12-14 12:33:00,690 WARN 
> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] -  enabled for [Token/JWT Tickets]. The cipher 
> [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain 
> objects>
> 2018-12-14 12:33:00,690 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] 
> -  http://localhost:/api]>
> 2018-12-14 12:33:00,734 DEBUG 
> [org.apereo.cas.authentication.principal.DefaultResponse] -  for redirect response is [http://localhost:/api]>
> 2018-12-14 12:33:00,736 DEBUG 
> [org.apereo.cas.authentication.principal.DefaultResponse] -  response is [
> http://localhost:/api?redirect=true=eyJhbGciOiJSUzUxMiJ9
>
> Verification code used is:
> final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));
>
> final JsonWebSignature jws = new JsonWebSignature();
> jws.setCompactSerialization(secureJwt);
> jws.setKey(key);
> if (!jws.verifySignature()) {
> throw new Exception("JWT verification failed");
> }
>
> On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna wrote:
>
>>
>> yes
>>
>>
>> ###Token/JWT Tickets ENCRIPTION
>> cas.authn.token.crypto.enabled=true
>>
>> cas.authn.token.crypto.signing-enabled=true
>> cas.authn.token.crypto.signing.key=
>> Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>>
>> cas.authn.token.crypto.encryption-enabled=false
>> cas.authn.token.crypto.encryption.key=
>>
>> and 
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
>>   "name" : "myApplication",
>>   "theme" : "myApplication",
>>   "id" : 1003,
>>   "description" : "My Application",
>>   "evaluationOrder" : 1,
>>   "usernameAttributeProvider" : {
>> "@class" : 
>> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>>   },
>>   "attributeReleasePolicy" : {
>> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>   },
>>   "accessStrategy" : {
>> "@class" : 
>> "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>> "enabled" : true,
>> "ssoEnabled" : true
>>   },
>>   "proxyPolicy" : {
>> "@class" : 
>> "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>> "pattern" : "^(http|https)?://.*"
>>   },
>>   "properties" : {
>> "@class" : "java.util.HashMap",
>> "jwtAsServiceTicket" : {
>>   "@class" : 
>> "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>   "values" : [ "java.util.HashSet", [ "true" ] ]
>> }
>>   }
>> }
>>
>>
>>
>> On Thursday, December 13, 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>>>
>>> Sorry, but this does not work.
>>> How's your service(one with definition of 'jwtAsServiceTicket', etc) 
>>> looks like ?
>>>
>>>
>>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna  
>>> wrote:
>>>
>>>> Hi all,
>>>>  I'm work fine with
>>>>
>>>> cas.authn.token.crypto.encryption-enabled=false
>>>> cas.authn.token.crypto.encryption.key=
>>>>
>>>>
>>>> On Monday, November 12, 2018 at 16:44:10 UTC+1, Xavier Rodríguez wrote:
>>>>>
>>>>> I'm configuring Cas Server 5.3.3. In one service I need to response a 
>>>>> JWT without encryption. Is it possible?
>>>>>
>>>>> I have changed in cas.properties:
>>>>>
>>>>> cas.authn.token.crypto.encryptionEnabled=false
>>>>>
>>>>> But it not has effect. In my service I don't configure the property 
>>>>> too:
>>>>>
>>>>> "jwtAsServiceTicketEncryptionKey"
>>>>>
>>>>> How can I disable this property?
>>>>>
>>>>> Regards!
>>>>>
>>>>> - Xavier -
>>>>>
 

Re: [cas-user] Re: JWT without encryption key

2018-12-14 Thread Devendra Sisodia
Hello,

Big Thanks for sharing configuration and as a result JWT is not encrypted
and only signed.

But now I face strange issue. when I try to verify signature it fails. I am
using AES and single key to sign and JWT is generated. But the generate JWT
fails signature verification.

JWT generated as below:
2018-12-14 12:33:00,684 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api] in service registry>
2018-12-14 12:33:00,685 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api] in service registry>
2018-12-14 12:33:00,690 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-12-14 12:33:00,690 WARN
[org.apereo.cas.util.cipher.BaseStringCipherExecutor] - 
2018-12-14 12:33:00,690 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder]
- http://localhost:/api
]>
2018-12-14 12:33:00,734 DEBUG
[org.apereo.cas.authentication.principal.DefaultResponse] - http://localhost:/api]>
2018-12-14 12:33:00,736 DEBUG
[org.apereo.cas.authentication.principal.DefaultResponse] - http://localhost:/api?redirect=true=eyJhbGciOiJSUzUxMiJ9

Verification code used is:
final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));

final JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(secureJwt);
jws.setKey(key);
if (!jws.verifySignature()) {
    throw new Exception("JWT verification failed");
}

On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna 
wrote:

>
> yes
>
>
> ###Token/JWT Tickets ENCRIPTION
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.token.crypto.signing.key=
> Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
> and
>
> {
>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
>   "name" : "myApplication",
>   "theme" : "myApplication",
>   "id" : 1003,
>   "description" : "My Application",
>   "evaluationOrder" : 1,
>   "usernameAttributeProvider" : {
> "@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>   },
>   "attributeReleasePolicy" : {
> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>   },
>   "accessStrategy" : {
> "@class" :
> "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
> "enabled" : true,
> "ssoEnabled" : true
>   },
>   "proxyPolicy" : {
> "@class" :
> "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
> "pattern" : "^(http|https)?://.*"
>   },
>   "properties" : {
> "@class" : "java.util.HashMap",
> "jwtAsServiceTicket" : {
>   "@class" :
> "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>   "values" : [ "java.util.HashSet", [ "true" ] ]
> }
>   }
> }
>
>
>
> On Thursday, December 13, 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>>
>> Sorry, but this does not work.
>> How's your service(one with definition of 'jwtAsServiceTicket', etc)
>> looks like ?
>>
>>
>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna 
>> wrote:
>>
>>> Hi all,
>>>  I'm work fine with
>>>
>>> cas.authn.token.crypto.encryption-enabled=false
>>> cas.authn.token.crypto.encryption.key=
>>>
>>>
>>> On Monday, November 12, 2018 at 16:44:10 UTC+1, Xavier Rodríguez wrote:
>>>>
>>>> I'm configuring Cas Server 5.3.3. In one service I need to response a
>>>> JWT without encryption. Is it possible?
>>>>
>>>> I have changed in cas.properties:
>>>>
>>>> cas.authn.token.crypto.encryptionEnabled=false
>>>>
>>>> But it not has effect. In my service I don't configure the property too:
>>>>
>>>> "jwtAsServiceTicketEncryptionKey"
>>>>
>>>> How can I disable this property?
>>>>
>>>> Regards!
>>>>
>>>> - Xavier -
>>>>

Re: [cas-user] Re: JWT without encryption key

2018-12-13 Thread Giuseppe Infurna

yes


###Token/JWT Tickets ENCRIPTION
cas.authn.token.crypto.enabled=true

cas.authn.token.crypto.signing-enabled=true
cas.authn.token.crypto.signing.key=Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g

cas.authn.token.crypto.encryption-enabled=false
cas.authn.token.crypto.encryption.key=

and 

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
  "name" : "myApplication",
  "theme" : "myApplication",
  "id" : 1003,
  "description" : "My Application",
  "evaluationOrder" : 1,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  },
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
    "pattern" : "^(http|https)?://.*"
  },
  "properties" : {
    "@class" : "java.util.HashMap",
    "jwtAsServiceTicket" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    }
  }
}



On Thursday, December 13, 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>
> Sorry, but this does not work.
> How's your service(one with definition of 'jwtAsServiceTicket', etc) looks 
> like ?
>
>
> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna wrote:
>
>> Hi all,
>>  I'm work fine with
>>
>> cas.authn.token.crypto.encryption-enabled=false
>> cas.authn.token.crypto.encryption.key=
>>
>>
>> On Monday, November 12, 2018 at 16:44:10 UTC+1, Xavier Rodríguez wrote:
>>>
>>> I'm configuring Cas Server 5.3.3. In one service I need to response a 
>>> JWT without encryption. Is it possible?
>>>
>>> I have changed in cas.properties:
>>>
>>> cas.authn.token.crypto.encryptionEnabled=false
>>>
>>> But it not has effect. In my service I don't configure the property too:
>>>
>>> "jwtAsServiceTicketEncryptionKey"
>>>
>>> How can I disable this property?
>>>
>>> Regards!
>>>
>>> - Xavier -
>>>