I think I found the bug. core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/cipher/AbstractCipherExecutor.java and core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/EncodingUtils.java simply do not support elliptic curve. What a shame...
leeyc0於 2020年5月1日星期五 UTC+8下午6時15分27秒寫道: > > I am testing OIDC with ES256 to sign JWT. But I found that if I configured > OidcRegisteredService.idTokenSigningAlg to use ES256, the access token is > signed with HS512 using cas.authn.oauth.accessToken.crypto.signing.key > instead. (The ID token is signed with ES256 as expected.) This causes > access key introspection to fail. > > If I removed OidcRegisteredService.idTokenSigningAlg, access token is > signed with RS512 and ID token is signed with RS256. In this case access > key introspection works as intended. > > I am not sure how to fix this bug, so I am posting here for suggestion. > -- You received this message because you are subscribed to the Google Groups "CAS Developer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/fed170fa-7355-41a8-81c9-c8dc5661439f%40apereo.org.
