Has anyone run into a problem with the JCE files on newer JDK's? It is my
understanding that jdk 1.8.161 and later includes the jce unlimited
cryptography libs by default, and command line testing seems to confirm
this, but CAS 5.2.3 fails with the following:
Caused by: java.lang.RuntimeException: Is JCE Unlimited Strength
Jurisdiction Policy installed? AES is an unknown, unsupported or
unavailable enc algorithm (not one of [A128CBC-HS256, A192CBC-HS384,
A256CBC-HS512, A128GCM, A192GCM, A256GCM]).
CAS startup shows the correct JDK is being used and JCE is present:
CAS Version: 5.2.3
CAS Commit Id: 14850a4ef16ef32ce6390f62fda566fdb8fa3948
CAS Build Date/Time: 2018-03-07T20:08:12Z
Spring Boot Version: 1.5.8.RELEASE
------------------------------------------------------------
Java Home: /usr/java/jdk1.8.0_162/jre
Java Vendor: Oracle Corporation
Java Version: 1.8.0_162
..............
JCE Installed: Yes
..............
Command line testing shows it is enabled:
$ env | grep JAVA
JAVA_HOME=/usr/java/jdk1.8.0_162
$ which jrunscript
/usr/java/jdk1.8.0_162/bin/jrunscript
$ jrunscript -e "print (javax.crypto.Cipher.getMaxAllowedKeyLength('AES')
>= 256)"
true
I am at a loss...
Anyone have ideas??
Out of desperation I downloaded the jce files from oracle and put them in
the usual place(/jre/lib/security) and restarted tomcat but still same
error. Using openjdk 8 which should also include the jce unlimited jars
also gives the same cas error.
Thanks,
William
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/718bdd24-4d97-4723-8f00-a156f7c79757%40apereo.org.
