i'm using io.jsonwebtoken.jjwt library Jwts.parser().setSigningKey(<yourSecretKey>).parseClaimsJws(<yourJwt>);
Il giorno venerdì 14 dicembre 2018 14:02:14 UTC+1, Devendra Sisodia ha scritto: > > Hello, > > Big Thanks for sharing configuration and as a result JWT is not encrypted > and only signed. > > But now I face strange issue. when I try to verify signature it fails. I > am using AES and single key to sign and JWT is generated. But the generate > JWT fails signature verification. > > JWT generated as below: > 2018-12-14 12:33:00,684 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] > - <Locating service [http://localhost:8888/api] in service registry> > 2018-12-14 12:33:00,685 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] > - <Locating service specific signing and encryption keys for [ > http://localhost:8888/api] in service registry> > 2018-12-14 12:33:00,690 WARN > [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not > enabled for [Token/JWT Tickets]. The cipher > [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce > signed objects> > 2018-12-14 12:33:00,690 WARN > [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not > enabled for [Token/JWT Tickets]. The cipher > [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain > objects> > 2018-12-14 12:33:00,690 DEBUG [org.apereo.cas.token.JWTTokenTicketBuilder] > - <Encoding JWT based on default global keys for [ > http://localhost:8888/api]> > 2018-12-14 12:33:00,734 DEBUG > [org.apereo.cas.authentication.principal.DefaultResponse] - <Sanitized URL > for redirect response is [http://localhost:8888/api]> > 2018-12-14 12:33:00,736 DEBUG > [org.apereo.cas.authentication.principal.DefaultResponse] - <Final redirect > response is [ > http://localhost:8888/api?redirect=true&ticket=eyJhbGciOiJSUzUxMiJ9 > > Verfication code used is: > final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8)); > > final JsonWebSignature jws = new JsonWebSignature(); > jws.setCompactSerialization(secureJwt); > jws.setKey(key); > if (!jws.verifySignature()) { > throw new Exception("JWT verification failed"); > } > > On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna <[email protected] > <javascript:>> wrote: > >> >> yes >> >> >> ###Token/JWT Tickets ENCRIPTION >> cas.authn.token.crypto.enabled=true >> >> cas.authn.token.crypto.signing-enabled=true >> cas.authn.token.crypto.signing.key= >> Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g >> >> cas.authn.token.crypto.encryption-enabled=false >> cas.authn.token.crypto.encryption.key= >> >> and >> >> { >> "@class" : "org.apereo.cas.services.RegexRegisteredService", >> "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*", >> "name" : "myApplication", >> "theme" : "myApplication", >> "id" : 10000003, >> "description" : "My Application", >> "evaluationOrder" : 1, >> "usernameAttributeProvider" : { >> "@class" : >> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider" >> }, >> "attributeReleasePolicy" : { >> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" >> }, >> "accessStrategy" : { >> "@class" : >> "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", >> "enabled" : true, >> "ssoEnabled" : true >> }, >> "proxyPolicy" : { >> "@class" : >> "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy", >> "pattern" : "^(http|https)?://.*" >> }, >> "properties" : { >> "@class" : "java.util.HashMap", >> "jwtAsServiceTicket" : { >> "@class" : >> "org.apereo.cas.services.DefaultRegisteredServiceProperty", >> "values" : [ "java.util.HashSet", [ "true" ] ] >> } >> } >> } >> >> >> >> Il giorno giovedì 13 dicembre 2018 14:55:49 UTC+1, Devendra Sisodia ha >> scritto: >>> >>> Sorry, but this does not work. >>> How's your service(one with definition of 'jwtAsServiceTicket', etc) >>> looks like ? >>> >>> >>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna <[email protected]> >>> wrote: >>> >>>> Hi all, >>>> I'm work fine with >>>> >>>> cas.authn.token.crypto.encryption-enabled=false >>>> cas.authn.token.crypto.encryption.key= >>>> >>>> >>>> Il giorno lunedì 12 novembre 2018 16:44:10 UTC+1, Xavier Rodríguez ha >>>> scritto: >>>>> >>>>> I'm configuring Cas Server 5.3.3. In one service I need to response a >>>>> JWT without encryption. Is it possible? >>>>> >>>>> I have changed in cas.properties: >>>>> >>>>> cas.authn.token.crypto.encryptionEnabled=false >>>>> >>>>> But it not has effect. In my service I don't configure the property >>>>> too: >>>>> >>>>> "jwtAsServiceTicketEncryptionKey" >>>>> >>>>> How can I disable this property? >>>>> >>>>> Regards! >>>>> >>>>> - Xavier - >>>>> >>>> -- >>>> - Website: https://apereo.github.io/cas >>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>> - List Guidelines: https://goo.gl/1VRrw7 >>>> - Contributions: https://goo.gl/mh7qDG >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "CAS Community" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cdbba7e-75b3-4a5f-9e4b-c68b9e8a233a%40apereo.org >>>> >>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cdbba7e-75b3-4a5f-9e4b-c68b9e8a233a%40apereo.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> >>> >>> -- >>> -- >>> >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc5f9360-536c-4c27-89bd-d6b69c99089f%40apereo.org >> >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc5f9360-536c-4c27-89bd-d6b69c99089f%40apereo.org?utm_medium=email&utm_source=footer> >> . >> > > > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/202650b5-d998-4539-af60-50218543325f%40apereo.org.
