Hi, have you solved this? i am using 4.2.7, also notice this warning, is this a bug considering that cookie cipher has been enabled by default?
在 2016年12月8日星期四 UTC+8下午11:13:58,satnam写道: > > Hello, even when I am trying to use default > > *deployerConfigContext.xml and I am getting warining > *org.jasig.cas.util.NoOpCipherExecutor > does no encryption and may NOT be safe in a production environment. > Consider using other choices. How can I reference other options? > > > In > *deployerConfigContext.xml, * <alias name="tgcCipherExecutor" > alias="defaultCookieCipherExecutor" /> > > > > To disable the cipher configuration for the SSO session cookie, we can > include following two lines in *deployerConfigContext.xml,* but to to > enable it? if it is enabled by default, then why I am getting warning? > > > https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html > > <alias name="noOpCookieValueManager" alias="defaultCookieValueManager" > /><alias name="noOpCipherExecutor" alias="defaultCookieCipherExecutor" /> > > > > > > Thanks for help > > =============== > 2016-12-06 07:26:46 Commons Daemon procrun stdout initialized > 2016-12-06 07:27:06,249 INFO > [org.jasig.cas.support.saml.SamlServletContextListener] - <Starting up > servlet application context...> > 2016-12-06 07:27:06,405 INFO [org.jasig.cas.CasEnvironmentContextListener] > - < > ******************** Welcome to CAS ******************* > CAS Version: 4.2.7 > Build Date/Time: 1969-12-31T16:00:00.000-08:00 > Java Home: E:\jre8u112 > Java Vendor: Oracle Corporation > Java Version: 1.8.0_112 > OS Architecture: amd64 > OS Name: Windows Server 2008 R2 > OS Version: 6.1 > ******************************************************* > > > 2016-12-06 07:27:13,192 INFO > [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 110 services > from gov.ca.post.PostServiceRegistryDaoImpl@7b6bb8c9.> > 2016-12-06 07:27:13,597 INFO > [org.jasig.cas.services.DefaultServicesManagerImpl] - <Services manager > will reload service definitions every 60 seconds> > 2016-12-06 07:27:16,359 INFO [org.jasig.cas.ServiceRegistryInitializer] - > <The service registry database will not be initialized from default JSON > services. If the service registry database is empty, CAS will refuse to > authenticate services until service definitions are added to the database.> > 2016-12-06 07:27:16,452 INFO > [org.jasig.cas.ticket.registry.TicketRegistryCleaner] - <Preparing to > schedule job to clean up after tickets...> > 2016-12-06 07:27:16,452 INFO > [org.jasig.cas.ticket.registry.TicketRegistryCleaner] - > <TicketRegistryCleaner will clean tickets every 2 minutes> > *2016-12-06 07:27:16,546 WARN [org.jasig.cas.util.NoOpCipherExecutor] - > <[org.jasig.cas.util.NoOpCipherExecutor] does no encryption and may NOT be > safe in a production environment. Consider using other choices, such as > [org.jasig.cas.util.BaseStringCipherExecutor] that handle encryption, > signing and verification of all appropriate values.>* > 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - > <Secret key for signing is not defined. CAS will attempt to auto-generate > the signing key> > 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - > <Generated signing key > Hw0rXiTss7ZAfbKeEFjOrAsaZvxiT0mJKB33zprVHJ4wbiyV_P7IVdWGAvhjIz12ndI_dOVTlrynEbTZUaMhyg > > of size 512. The generated key MUST be added to CAS settings.> > 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - > <No encryption key is defined. CAS will attempt to auto-generate keys> > 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - > <Generated encryption key GKHpOuzwiPnSianW of size 16. The generated key > MUST be added to CAS settings.> > 2016-12-06 07:27:16,873 INFO > [org.jasig.cas.support.saml.SamlServletContextListener] - <Initializing > SamlServletContextListener root application context> > 2016-12-06 07:27:16,873 INFO > [org.jasig.cas.support.saml.SamlServletContextListener] - <Initialized > SamlServletContextListener root application context successfully> > 2016-12-06 07:27:16,873 INFO > [org.jasig.cas.support.saml.SamlServletContextListener] - <Initializing > SamlServletContextListener servlet application context> > 2016-12-06 07:27:17,341 INFO > [org.jasig.cas.support.saml.SamlServletContextListener] - <Initialized > SamlServletContextListener servlet application context successfully> > > > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/899e3b02-7005-475c-997f-39a2e6c256c1%40apereo.org.
