Hi all, I follow this instruction to cipher the "clientSecret" param in the OAuth2 JWT token with CAS Apereo 6.1:
https://apereo.github.io/2019/11/04/cas62x-oauth-jwt-access-token/

*Step 1: Using CAS Shell to cipher clientSecret*

root@ubuntu16:~/lam/cas-overlay-template# ./gradlew downloadShell runShell
root@ubuntu16:~/lam/cas-overlay-template# java -jar build/libs/cas-server-support-shell-6.1.7.jar
cas>encrypt-value value exampleOauthClientSecret alg PBEWithMD5AndTripleDES provider SunJCE password Vnpt@123 iterations 1000
==== Encrypted Value ====
{cas-cipher}La813rUHz0m2XM/DwqjvGtHPX+l8XtMzI80UGXH24uDMGXCqsAYFfg==
cas>decrypt-value value {cas-cipher}La813rUHz0m2XM/DwqjvGtHPX+l8XtMzI80UGXH24uDMGXCqsAYFfg== alg PBEWithMD5AndTripleDES provider SunJCE password Vnpt@123 iterations 1000
==== Decrypted Value ====
exampleOauthClientSecret

*Step 2: I make the service registration like this*

root@ubuntu16:/etc/cas/services-repo# cat OAuthJWTService-3.json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  #"clientSecret": "exampleOauthClientSecret",
  "clientSecret": " {cas-cipher}La813rUHz0m2XM/DwqjvGtHPX+l8XtMzI80UGXH24uDMGXCqsAYFfg==",
  "serviceId" : "^https://cascore.vdc2.com.vn:9999/.*",
  "name" : "OAuthJWTService",
  "id" : 3,
  "jwtAccessToken": true,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "comdepartment", "comid", "lastname", "usercode", "userdate", "useremail", "userparentid", "userstatus", "usertel", "usertype" ] ]
  },
  "properties" : {
    "@class" : "java.util.HashMap",
    "accessTokenAsJwtSigningKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "CoSfJ2WweU-cWcUYSjW2PWLVLd9hIVG0xxjFFUHSUbCjkkNiwPli_WlqF9V2MHJH3SGH_4DifSYxlgs98h4snA" ] ]
    },
    "accessTokenAsJwtEncryptionKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "_3gpqpSiIEjHT0xlscGvgDr0-iPIeeEeyecfFgbg_5E" ] ]
    },
    "accessTokenAsJwtSigningEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    },
    "accessTokenAsJwtEncryptionEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    },
    "accessTokenAsJwtCipherStrategyType" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "SIGN_AND_ENCRYPT" ] ]
    }
  }
}

*Step 3: I config CAS Apereo global like this (my global config is stored in MongoDB)*

{"_id":{"$oid":"5f058f62ee9a446824d4adf3"},"name":"org.apereo.cas.standalone.configurationSecurity.alg","value":"PBEWithMD5AndTripleDES"}
{"_id":{"$oid":"5f058f79ee9a446824d4adf4"},"name":"org.apereo.cas.standalone.configurationSecurity.provider","value":"SunJCE"}
{"_id":{"$oid":"5f058f8aee9a446824d4adf5"},"name":"org.apereo.cas.standalone.configurationSecurity.iterations","value":"1000"}
{"_id":{"$oid":"5f058f9dee9a446824d4adf6"},"name":"org.apereo.cas.standalone.configurationSecurity.psw","value":"Vnpt@123"}

*Step 4: I rebuild CAS*

*Step 5: I call the API to create a JWT token like this*

curl https://cascore.vdc2.com.vn:8443/cas/oauth2.0/token?grant_type=password'&'client_id=exampleOauthClient'&'client_secret= exampleOauthClientSecret'&'username=abc'&'password=Vnpt@123 | jq

But it shows this problem:

{
  "@class": "java.util.LinkedHashMap",
  "timestamp": [ "java.util.Date", 1594370510760 ],
  "status": 401,
  "error": "Unauthorized",
  "message": "No message available",
  "path": "/cas/oauth2.0/token"
}

I try again with this:

curl https://cascore.vdc2.com.vn:8443/cas/oauth2.0/token?grant_type=password'&'client_id=exampleOauthClient'&'client_secret= {cas-cipher}La813rUHz0m2XM/DwqjvGtHPX+l8XtMzI80UGXH24uDMGXCqsAYFfg=='&'username=abc'&'password=Vnpt@123 | jq

But it shows this error again:

{
  "@class": "java.util.LinkedHashMap",
  "timestamp": [ "java.util.Date", 1594370510760 ],
  "status": 401,
  "error": "Unauthorized",
  "message": "No message available",
  "path": "/cas/oauth2.0/token"
}

I try changing the param to plain text in the registration file from

"clientSecret": " {cas-cipher}La813rUHz0m2XM/DwqjvGtHPX+l8XtMzI80UGXH24uDMGXCqsAYFfg==",

to

"clientSecret": "exampleOauthClientSecret",

It works and gives me a JWT token.

Please help me. Thanks
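As an added check, not from the post or from the CAS project: a small Python validator for the clientSecret value in a CAS JSON service definition, which flags the things that commonly go wrong when a cipher value is pasted into the file (stray whitespace around the prefix, a plain-text secret, a payload that is not base64 or is not the expected shape). It assumes CAS recognises an encrypted value only by the literal {cas-cipher} prefix and that the payload follows Jasypt's PBE layout (8-byte salt followed by TripleDES ciphertext in whole 8-byte blocks); the sample service definition is constructed from the one in the post.

```python
import base64
import binascii
import json

CIPHER_PREFIX = "{cas-cipher}"
# Assumption: CAS wraps Jasypt's PBE encryptor, whose output is an 8-byte salt
# followed by TripleDES ciphertext, which comes in whole 8-byte blocks.
SALT_LEN = 8
BLOCK_LEN = 8


def check_client_secret(value: str) -> list:
    """Return the problems found in a registered clientSecret; [] means well-formed."""
    problems = []
    if value != value.strip():
        problems.append("leading or trailing whitespace around the value")
    stripped = value.strip()
    if not stripped.startswith(CIPHER_PREFIX):
        problems.append("no {cas-cipher} prefix: the secret is stored in plain text")
        return problems
    try:
        raw = base64.b64decode(stripped[len(CIPHER_PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        problems.append("payload after the prefix is not valid base64")
        return problems
    body = len(raw) - SALT_LEN
    if body <= 0 or body % BLOCK_LEN:
        problems.append(f"decoded payload is {len(raw)} bytes, not salt plus whole blocks")
    return problems


def check_service_json(text: str) -> list:
    """Parse a CAS JSON service definition and check its clientSecret field."""
    secret = json.loads(text).get("clientSecret")
    if not isinstance(secret, str):
        return ["clientSecret is missing or not a string"]
    return check_client_secret(secret)


# Constructed sample, cut down from the service definition in the post; note the
# space between the opening quote and {cas-cipher} inside the JSON string.
SAMPLE_SERVICE = """{
  "@class": "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  "clientSecret": " {cas-cipher}La813rUHz0m2XM/DwqjvGtHPX+l8XtMzI80UGXH24uDMGXCqsAYFfg=="
}"""

if __name__ == "__main__":
    print(check_service_json(SAMPLE_SERVICE))
```

Run it against each service file in the registry directory before restarting CAS; an empty list means the value at least has the shape the decryptor expects.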