I think you are seeing the discrepancy due to base64 vs. base64url decoding. I think the JWT spec wants base64url vs. plain base64.
https://en.wikipedia.org/wiki/Base64#URL_applications

On Friday, December 14, 2018 at 9:37:45 AM UTC-6, Devendra Sisodia wrote:
>
> While decoding the JWT there is an error "Bad Base64 input character decimal 37
> in array position 806", which means 37 (%) is not allowed in an encoded base64
> string in a JWT.
>
> My JWT looks like below and yellow highlighted is the 806th element that
> cannot be base64 decoded.
>
> eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJpdmVyYXNlI<string>NTg3In0%3D.
> UmNz8ikEOFYqPgHRmZb1SK6A1pRFu48fSfYTasMGYHKtg7V8JepAfwunXwFeHsx5JTi4yKBug1Tq9PqfdY93lA
>
> On Fri, Dec 14, 2018 at 2:11 PM Giuseppe Infurna <[email protected]> wrote:
>
>>
>> I'm using the io.jsonwebtoken.jjwt library
>>
>> Jwts.parser().setSigningKey(<yourSecretKey>).parseClaimsJws(<yourJwt>);
>>
>>
>> On Friday, 14 December 2018 at 14:02:14 UTC+1, Devendra Sisodia wrote:
>>>
>>> Hello,
>>>
>>> Big thanks for sharing the configuration; as a result the JWT is not
>>> encrypted and only signed.
>>>
>>> But now I face a strange issue. When I try to verify the signature it fails. I
>>> am using AES and a single key to sign, and the JWT is generated. But the generated
>>> JWT fails signature verification.
>>>
>>> JWT generated as below:
>>> 2018-12-14 12:33:00,684 DEBUG
>>> [org.apereo.cas.token.JWTTokenTicketBuilder] - <Locating service [
>>> http://localhost:8888/api] in service registry>
>>> 2018-12-14 12:33:00,685 DEBUG
>>> [org.apereo.cas.token.JWTTokenTicketBuilder] - <Locating service specific
>>> signing and encryption keys for [http://localhost:8888/api] in service
>>> registry>
>>> 2018-12-14 12:33:00,690 WARN
>>> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not
>>> enabled for [Token/JWT Tickets]. The cipher
>>> [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce
>>> signed objects>
>>> 2018-12-14 12:33:00,690 WARN
>>> [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not
>>> enabled for [Token/JWT Tickets]. The cipher
>>> [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain
>>> objects>
>>> 2018-12-14 12:33:00,690 DEBUG
>>> [org.apereo.cas.token.JWTTokenTicketBuilder] - <Encoding JWT based on
>>> default global keys for [http://localhost:8888/api]>
>>> 2018-12-14 12:33:00,734 DEBUG
>>> [org.apereo.cas.authentication.principal.DefaultResponse] - <Sanitized URL
>>> for redirect response is [http://localhost:8888/api]>
>>> 2018-12-14 12:33:00,736 DEBUG
>>> [org.apereo.cas.authentication.principal.DefaultResponse] - <Final redirect
>>> response is [
>>> http://localhost:8888/api?redirect=true&ticket=eyJhbGciOiJSUzUxMiJ9
>>>
>>> Verification code used is:
>>> final Key key = new AesKey(jwtSigning.getBytes(StandardCharsets.UTF_8));
>>>
>>> final JsonWebSignature jws = new JsonWebSignature();
>>> jws.setCompactSerialization(secureJwt);
>>> jws.setKey(key);
>>> if (!jws.verifySignature()) {
>>>     throw new Exception("JWT verification failed");
>>> }
>>>
>>> On Thu, Dec 13, 2018 at 3:40 PM Giuseppe Infurna <[email protected]>
>>> wrote:
>>>
>>>>
>>>> yes
>>>>
>>>>
>>>> ###Token/JWT Tickets ENCRYPTION
>>>> cas.authn.token.crypto.enabled=true
>>>>
>>>> cas.authn.token.crypto.signing-enabled=true
>>>> cas.authn.token.crypto.signing.key=
>>>> Dkkpi7iUKqidOXXmeAbr4RyHirYmgQgqqUrIo6q_JPNks2iqX2l95jVVoZQDWLNiFnhQF43agCtdMxRnIXOO9g
>>>>
>>>> cas.authn.token.crypto.encryption-enabled=false
>>>> cas.authn.token.crypto.encryption.key=
>>>>
>>>> and
>>>>
>>>> {
>>>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>>>   "serviceId" : "^(http|https)://?localhost(:8081|:9060|:9000)?/.*",
>>>>   "name" : "myApplication",
>>>>   "theme" : "myApplication",
>>>>   "id" : 10000003,
>>>>   "description" : "My Application",
>>>>   "evaluationOrder" : 1,
>>>>   "usernameAttributeProvider" : {
>>>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
>>>>   },
>>>>   "attributeReleasePolicy" : {
>>>>     "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"
>>>>   },
>>>>   "accessStrategy" : {
>>>>     "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
>>>>     "enabled" : true,
>>>>     "ssoEnabled" : true
>>>>   },
>>>>   "proxyPolicy" : {
>>>>     "@class" : "org.jasig.cas.services.RegexMatchingRegisteredServiceProxyPolicy",
>>>>     "pattern" : "^(http|https)?://.*"
>>>>   },
>>>>   "properties" : {
>>>>     "@class" : "java.util.HashMap",
>>>>     "jwtAsServiceTicket" : {
>>>>       "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
>>>>       "values" : [ "java.util.HashSet", [ "true" ] ]
>>>>     }
>>>>   }
>>>> }
>>>>
>>>>
>>>> On Thursday, 13 December 2018 at 14:55:49 UTC+1, Devendra Sisodia wrote:
>>>>>
>>>>> Sorry, but this does not work.
>>>>> What does your service (the one with the definition of 'jwtAsServiceTicket', etc.)
>>>>> look like?
>>>>>
>>>>>
>>>>> On Thu, Dec 13, 2018 at 2:09 PM Giuseppe Infurna <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>> I'm working fine with
>>>>>>
>>>>>> cas.authn.token.crypto.encryption-enabled=false
>>>>>> cas.authn.token.crypto.encryption.key=
>>>>>>
>>>>>>
>>>>>> On Monday, 12 November 2018 at 16:44:10 UTC+1, Xavier Rodríguez wrote:
>>>>>>>
>>>>>>> I'm configuring CAS Server 5.3.3. In one service I need to respond with
>>>>>>> a JWT without encryption. Is it possible?
>>>>>>>
>>>>>>> I have changed in cas.properties:
>>>>>>>
>>>>>>> cas.authn.token.crypto.encryptionEnabled=false
>>>>>>>
>>>>>>> But it has no effect. In my service I don't configure the property
>>>>>>> either:
>>>>>>>
>>>>>>> "jwtAsServiceTicketEncryptionKey"
>>>>>>>
>>>>>>> How can I disable this property?
>>>>>>>
>>>>>>> Regards!
>>>>>>>
>>>>>>> - Xavier -
>>>>>>>
>>>>>> --
>>>>>> - Website: https://apereo.github.io/cas
>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/0cdbba7e-75b3-4a5f-9e4b-c68b9e8a233a%40apereo.org
>>>>>>
>
> --
> Thanks & regards,
> Devendra
> Mobile: +49 1748437888
>
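
Added example, not part of the thread and not CAS, jjwt or jose4j code: the `%3D` in the quoted token is the percent-encoded form of the `=` padding character, so a ticket copied from the redirect URL has to be URL-decoded before it is base64url-decoded and its HS512 signature checked. The class name, helper names, key and claims below are constructed for illustration, and `URLDecoder.decode(String, Charset)` assumes Java 10 or later.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtFromUrlDemo {
    static final Base64.Decoder URL_DEC = Base64.getUrlDecoder();

    // Undo percent-encoding left over from the redirect URL (%3D -> '=').
    static String normalize(String ticket) {
        return URLDecoder.decode(ticket, StandardCharsets.UTF_8);
    }

    static byte[] hs512(byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Throws IllegalArgumentException on any character outside the base64url alphabet.
    static boolean verify(String compact, byte[] key) throws Exception {
        String[] p = compact.split("\\.");
        if (p.length != 3) return false;
        String header = new String(URL_DEC.decode(p[0]), StandardCharsets.UTF_8);
        if (!header.equals("{\"alg\":\"HS512\"}")) return false; // pin the expected algorithm
        URL_DEC.decode(p[1]);                                   // payload must decode cleanly
        byte[] sig = URL_DEC.decode(p[2]);
        // The MAC covers the first two segments exactly as issued, padding included.
        return MessageDigest.isEqual(sig, hs512(key, p[0] + "." + p[1]));
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and claims; nothing here is taken from the thread.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        Base64.Encoder enc = Base64.getUrlEncoder(); // padded output, like the quoted token
        String head = enc.encodeToString("{\"alg\":\"HS512\"}".getBytes(StandardCharsets.UTF_8));
        String body = enc.encodeToString("{\"sub\":\"demo\"}".getBytes(StandardCharsets.UTF_8));
        String sig = enc.withoutPadding().encodeToString(hs512(key, head + "." + body));
        String fromUrl = (head + "." + body + "." + sig).replace("=", "%3D");

        try {
            verify(fromUrl, key); // '%' (decimal 37) is not a base64url character
        } catch (IllegalArgumentException e) {
            System.out.println("raw query value rejected: " + e.getMessage());
        }
        System.out.println("after URL-decoding, signature valid: " + verify(normalize(fromUrl), key));
    }
}
```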
