While decoding JWT there is error "Bad Base64 input character decimal 37 in array position 806" Which means 37(%) is not allowed in encoded base 64 string in JWT.
My JWT looks like below and yellow highlighted is the 806th element that cannot be base 64 decode. eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpdmVyYXNlI<string>NTg3In0%3D. UmNz8ikEOFYqPgHRmZb1SK6A1pRFu48fSfYTasMGYHKtg7V8JepAfwunXwFeHsx5JTi4yKBug1Tq9PqfdY93lA On Fri, Dec 14, 2018 at 2:11 PM Giuseppe Infurna <[email protected]> wrote: > > i'm using io.jsonwebtoken.jjwt library > > Jwts.parser().setSigningKey(<yourSecretKey>).parseClaimsJws(<yourJwt>); > > > > Il giorno venerdì 14 dicembre 2018 14:02:14 UTC+1, Devendra Sisodia ha > scritto: >> >> Hello, >> >> Big Thanks for sharing configuration and as a result JWT is not encrypted >> and only signed. >> >> But now I face strange issue. when I try to verify signature it fails. I >> am using AES and single key to sign and JWT is generated. But the generate >> JWT fails signature verification. >> >> JWT generated as below: >> 2018-12-14 12:33:00,684 DEBUG >> [org.apereo.cas.token.JWTTokenTicketBuilder] - <Locating service [ >> http://localhost:8888/api] in service registry> >> 2018-12-14 12:33:00,685 DEBUG >> [org.apereo.cas.token.JWTTokenTicketBuilder] - <Locating service specific >> signing and encryption keys for [http://localhost:8888/api] in service >> registry> >> 2018-12-14 12:33:00,690 WARN >> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not >> enabled for [Token/JWT Tickets]. The cipher >> [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce >> signed objects> >> 2018-12-14 12:33:00,690 WARN >> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not >> enabled for [Token/JWT Tickets]. The cipher >> [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain >> objects> >> 2018-12-14 12:33:00,690 DEBUG >> [org.apereo.cas.token.JWTTokenTicketBuilder] - <Encoding JWT based on >> default global keys for [http://localhost:8888/api]> >> 2018-12-14 12:33:00,734 DEBUG >> [org.apereo.cas.authentication.principal.DefaultResponse] - <Sanitized URL >> for redirect response is [http://localhost:8888/api]> >> 2018-12-14 12:33:00,736 DEBUG >> [org.apereo.cas.authentication.principal.DefaultResponse] - <Final redirect >> response is [ >> http://localhost:8888/api?redirect=true&ticket=eyJhbGciOiJSUzUxMiJ9 >> >> Verfication code used is: >> final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8)); >> >> final JsonWebSignature jws = new JsonWebSignature(); >> jws.setCompactSerialization(secureJwt); >> jws.setKey(key); >> if (!jws.verifySignature()) { >> throw new Exception("JWT verification failed"); >> } >> >> On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna <[email protected]> >> wrote: >> >>> >>> yes >>> >>> >>> ###Token/JWT Tickets ENCRIPTION >>> cas.authn.token.crypto.enabled=true >>> >>> cas.authn.token.crypto.signing-enabled=true >>> cas.authn.token.crypto.signing.key= >>> Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g >>> >>> cas.authn.token.crypto.encryption-enabled=false >>> cas.authn.token.crypto.encryption.key= >>> >>> and >>> >>> { >>> "@class" : "org.apereo.cas.services.RegexRegisteredService", >>> "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*", >>> "name" : "myApplication", >>> "theme" : "myApplication", >>> "id" : 10000003, >>> "description" : "My Application", >>> "evaluationOrder" : 1, >>> "usernameAttributeProvider" : { >>> "@class" : >>> "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider" >>> }, >>> "attributeReleasePolicy" : { >>> "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy" >>> }, >>> "accessStrategy" : { >>> "@class" : >>> "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy", >>> "enabled" : true, >>> "ssoEnabled" : true >>> }, >>> "proxyPolicy" : { >>> "@class" : >>> "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy", >>> "pattern" : "^(http|https)?://.*" >>> }, >>> "properties" : { >>> "@class" : "java.util.HashMap", >>> "jwtAsServiceTicket" : { >>> "@class" : >>> "org.apereo.cas.services.DefaultRegisteredServiceProperty", >>> "values" : [ "java.util.HashSet", [ "true" ] ] >>> } >>> } >>> } >>> >>> >>> >>> Il giorno giovedì 13 dicembre 2018 14:55:49 UTC+1, Devendra Sisodia ha >>> scritto: >>>> >>>> Sorry, but this does not work. >>>> How's your service(one with definition of 'jwtAsServiceTicket', etc) >>>> looks like ? >>>> >>>> >>>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna <[email protected]> >>>> wrote: >>>> >>>>> Hi all, >>>>> I'm work fine with >>>>> >>>>> cas.authn.token.crypto.encryption-enabled=false >>>>> cas.authn.token.crypto.encryption.key= >>>>> >>>>> >>>>> Il giorno lunedì 12 novembre 2018 16:44:10 UTC+1, Xavier Rodríguez ha >>>>> scritto: >>>>>> >>>>>> I'm configuring Cas Server 5.3.3. In one service I need to response a >>>>>> JWT without encryption. Is it possible? >>>>>> >>>>>> I have changed in cas.properties: >>>>>> >>>>>> cas.authn.token.crypto.encryptionEnabled=false >>>>>> >>>>>> But it not has effect. In my service I don't configure the property >>>>>> too: >>>>>> >>>>>> "jwtAsServiceTicketEncryptionKey" >>>>>> >>>>>> How can I disable this property? >>>>>> >>>>>> Regards! >>>>>> >>>>>> - Xavier - >>>>>> >>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cdbba7e-75b3-4a5f-9e4b-c68b9e8a233a%40apereo.org >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cdbba7e-75b3-4a5f-9e4b-c68b9e8a233a%40apereo.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> >>>> -- >>>> -- >>>> >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc5f9360-536c-4c27-89bd-d6b69c99089f%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc5f9360-536c-4c27-89bd-d6b69c99089f%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> >> >> >> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/202650b5-d998-4539-af60-50218543325f%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/202650b5-d998-4539-af60-50218543325f%40apereo.org?utm_medium=email&utm_source=footer> > . > -- Thanks & regards, Devendra Mobile: +49 1748437888 -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACE83cUGHOWX22gwR1hCTOysSu_CPqb6tuwYaPJpsqzxidZygw%40mail.gmail.com.
