Both with 5.3.10 and 6.0.4 I am observing strange warnings in my log:
2019-06-04 16:41:13,282 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceTokenTicketCipherExecutor] will only attempt to produce signed objects>
2019-06-04 16:41:13,283 WARN [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [RegisteredServiceTokenTicketCipherExecutor] will attempt to produce plain objects>
I don't get what it's complaining about.
I defined these global variables in cas.properties:
cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.signingEnabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signing.key=${OPTOPLUS_CAS_TOKEN_SIGNING_KEY}
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=${OPTOPLUS_CAS_TOKEN_ENCRYPTION_KEY}
cas.authn.token.crypto.encryption.keySize=256
cas.authn.token.crypto.alg=A128CBC-HS256
Also, I believe (and I DO REALLY HOPE SO) my JWT Tickets are indeed signed
and ciphered, since my backend uses jose4j to verify the signature and
decipher:
JsonWebSignature jws = new JsonWebSignature();
jws.setCompactSerialization(bearer);
jws.setKey(signingKey);
if (jws.verifySignature()) {
    // The verified JWS payload is itself a JWE compact serialization
    JsonWebEncryption jwe = new JsonWebEncryption();
    jwe.setCompactSerialization(new String(Base64.decodeBase64(jws.getEncodedPayload()), StandardCharsets.UTF_8));
    jwe.setKey(encryptionKey);
    JwtClaims claims = JwtClaims.parse(jwe.getPlaintextString());
    NumericDate issuedAt = claims.getIssuedAt();
    // Check for a missing iat claim before using it
    if (Objects.nonNull(issuedAt)) {
        // Accept the token for 60 seconds after it was issued
        issuedAt.addSeconds(60);
        if (issuedAt.isAfter(NumericDate.now())) {
            String subject = claims.getSubject();
            if (StringUtils.isNotBlank(subject)) {
                CredentialValidationResult validate = this.identityStore.validate(new CallerOnlyCredential(subject));
                if (Status.VALID.equals(validate.getStatus())) {
                    return httpMessageContext.notifyContainerAboutLogin(validate);
                }
            }
        }
    }
}
According to:
https://github.com/apereo/cas/blob/master/core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/cipher/BaseStringCipherExecutor.java
this.encryptionEnabled = encryptionEnabled || StringUtils.isNotBlank(secretKeyEncryption);
this.signingEnabled = signingEnabled || StringUtils.isNotBlank(secretKeySigning);
this.signingKeySize = signingKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_SIGNING_KEY_SIZE : signingKeyLength;
this.encryptionKeySize = encryptionKeyLength <= 0 ? CipherExecutor.DEFAULT_STRINGABLE_ENCRYPTION_KEY_SIZE : encryptionKeyLength;
if (this.encryptionEnabled) {
    configureEncryptionParameters(secretKeyEncryption, contentEncryptionAlgorithmIdentifier);
} else {
    LOGGER.info("Encryption is not enabled for [{}]. The cipher [{}] will only attempt to produce signed objects",
        getName(), getClass().getSimpleName());
}
I can't understand what's happening. I believe encryptionEnabled is
cas.authn.token.crypto.encryptionEnabled
and secretKeyEncryption should be cas.authn.token.crypto.encryption.key.
Am I missing something?
Thank you in advance
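An added example, not part of the original post and not CAS or jose4j code: a standalone check of whether a token is really signed and encrypted, independent of what the server log claims. It assumes the layout the post's jose4j snippet implies (an HMAC-signed JWS whose payload is a JWE compact serialization); the key, function names and sample tokens are constructed, and the JWE fields are filler bytes rather than real ciphertext.

```python
import base64, hashlib, hmac, json

HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}
SAMPLE_KEY = b"k" * 64  # constructed key, for the sample tokens only

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def inspect_token(token: str, signing_key: bytes) -> dict:
    """Report whether a compact token is a verified JWS whose payload is a JWE."""
    result = {"signed": False, "encrypted": False, "enc": None}
    parts = token.split(".")
    if len(parts) != 3:
        return result
    try:
        header = json.loads(b64url_decode(parts[0]))
        digest = HMAC_ALGS.get(header.get("alg"))  # "none" and unknown algs fail here
        if digest is None:
            return result
        expected = hmac.new(signing_key, f"{parts[0]}.{parts[1]}".encode(), digest).digest()
        if not hmac.compare_digest(expected, b64url_decode(parts[2])):
            return result
        result["signed"] = True
        inner = b64url_decode(parts[1]).decode("ascii").split(".")
        if len(inner) == 5:  # JWE compact form: five parts, header carries "enc"
            jwe_header = json.loads(b64url_decode(inner[0]))
            if "enc" in jwe_header:
                result["encrypted"], result["enc"] = True, jwe_header["enc"]
    except (ValueError, AttributeError, TypeError):
        pass  # malformed input leaves the flags as set so far
    return result

def build_sample(signing_key: bytes, encrypt: bool, alg: str = "HS512") -> str:
    """Constructed token; the JWE fields are filler bytes, not real ciphertext."""
    payload = json.dumps({"sub": "casuser"})
    if encrypt:
        fields = [json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode(),
                  b"", b"\x01" * 16, b"\x02" * 32, b"\x03" * 16]
        payload = ".".join(b64url_encode(f) for f in fields)
    head = b64url_encode(json.dumps({"alg": alg}).encode())
    body = b64url_encode(payload.encode())
    sig = hmac.new(signing_key, f"{head}.{body}".encode(), hashlib.sha512).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

if __name__ == "__main__":
    print(inspect_token(build_sample(SAMPLE_KEY, encrypt=True), SAMPLE_KEY))
```

A result of `signed: True, encrypted: False` on a real token would mean the claims travel in readable form inside the signed payload.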