We're on 5.3.11.  Struggled with this as well, could never find a third 
party tool or library that could validate the JWT generated by CAS.  I even 
contacted the maintainer of one of the Python libs and he claims the CAS 
generated JWT was invalid.  I was able to write my own Java to validate 
based on code provided by CAS:  
https://apereo.github.io/cas/5.3.x/installation/Configure-ServiceTicket-JWT.html

cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signing.key=<redacted>
cas.authn.token.crypto.encryption.key=<redacted>


Snippet from service configured to return jwt.  Note pre-5.3, somewhere, 
the property name was jwtAsServiceTicket vs. jwtAsResponse.


properties:
  {
    @class: java.util.LinkedHashMap
    jwtAsResponse:
    {
      @class: org.apereo.cas.services.DefaultRegisteredServiceProperty
      values:
      [
        java.util.HashSet
        [
          "true"
        ]
      ]
    }
  }

On Thursday, August 8, 2019 at 4:15:35 PM UTC-5, Drew Liscomb wrote:
>
> Also, this was working in 5.1.3, but, of course, with the 'old style' 
> properties, before the New Order with *.crypto.* was implemented.
>
> Drew
>
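
Added example, not part of the original message and not CAS code: with both signing and encryption enabled as in the properties above, a first triage step is to verify the outer signature and check whether the signed payload is JSON claims or another compact token, since a validator that expects JSON claims will reject the latter. It assumes the outer layer is an HMAC-signed compact JWS and that the signing key is used as raw bytes; the key and token are constructed samples, and decrypting the inner token with the encryption key is not covered.

```python
import base64, hashlib, hmac, json

HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def verify_outer_jws(token, signing_key):
    """Check the outer HMAC signature; return the payload bytes it protects."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("outer token is not a compact JWS")
    header = json.loads(b64d(parts[0]))
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in HMAC_ALGS:  # refuses "none" and anything not HMAC
        raise ValueError("unexpected alg: %r" % (alg,))
    signed = (parts[0] + "." + parts[1]).encode("ascii")
    expected = hmac.new(signing_key, signed, HMAC_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, b64d(parts[2])):
        raise ValueError("signature mismatch")
    return b64d(parts[1])

def classify_payload(payload):
    """'claims' for a JSON object, 'nested-jwe' for a five-part compact JWE."""
    try:
        if isinstance(json.loads(payload), dict):
            return "claims"
    except ValueError:
        pass
    segments = payload.decode("ascii", "replace").split(".")
    try:
        header = json.loads(b64d(segments[0]))
    except ValueError:
        return "unknown"
    if len(segments) == 5 and isinstance(header, dict) and "enc" in header:
        return "nested-jwe"
    return "unknown"

def make_sample(signing_key):
    """Constructed sample: HS512 JWS wrapping a placeholder JWE (no real ciphertext)."""
    jwe_header = b64e(json.dumps({"alg": "dir", "enc": "A128CBC-HS256"}).encode())
    inner = ".".join([jwe_header, "", b64e(b"iv"), b64e(b"ct"), b64e(b"tag")])
    head = b64e(json.dumps({"alg": "HS512"}).encode())
    body = b64e(inner.encode("ascii"))
    sig = hmac.new(signing_key, (head + "." + body).encode("ascii"), hashlib.sha512).digest()
    return ".".join([head, body, b64e(sig)])
```

A result of "nested-jwe" means the signature is good and the payload still has to be decrypted before any claims can be read.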
