Hi everyone, I'm experimenting with OIDC and SAML server providers using Acceptto MFA integration. Up until RC4 everything seems to be working perfectly fine but after upgrading the RC5 (and RC6), it fails to verify the JWT signature that it receives from the Acceptto server.
This is what I'm getting with RC5 and RC6: cas | 2019-10-07 17:50:44,554 TRACE [org.apereo.cas.mfa.accepto.AccepttoApiUtils] - <Validating response signature for [REDACTED] using [Sun RSA public key, 2048 bits cas | params: null cas | modulus: [REDACTED] cas | public exponent: [REDACTED]]> cas | 2019-10-07 17:50:44,561 ERROR [org.apereo.cas.mfa.accepto.AccepttoApiUtils] - <The given key (algorithm=RSA) is not valid for SHA256withRSA> cas | org.jose4j.lang.InvalidKeyException: The given key (algorithm=RSA) is not valid for SHA256withRSA cas | at org.jose4j.jws.BaseSignatureAlgorithm.initForVerify(BaseSignatureAlgorithm.java:115) ~[jose4j-0.6.5.jar!/:?] cas | at org.jose4j.jws.BaseSignatureAlgorithm.verifySignature(BaseSignatureAlgorithm.java:56) ~[jose4j-0.6.5.jar!/:?] cas | at org.jose4j.jws.JsonWebSignature.verifySignature(JsonWebSignature.java:192) ~[jose4j-0.6.5.jar!/:?] cas | at org.apereo.cas.util.EncodingUtils.verifyJwsSignature(EncodingUtils.java:280) ~[cas-server-core-util-api-6.1.0-RC5-SNAPSHOT.jar!/:6.1.0-RC5-SNAPSHOT] cas | at org.apereo.cas.mfa.accepto.AccepttoApiUtils.authenticate(AccepttoApiUtils.java:184) ~[cas-server-support-acceptto-mfa-6.1.0-RC5-SNAPSHOT.jar!/:6.1.0-RC5-SNAPSHOT] cas | at org.apereo.cas.mfa.accepto.web.flow.AccepttoMultifactorDetermineUserAccountStatusAction.doExecute(AccepttoMultifactorDetermineUserAccountStatusAction.java:45) ~[cas-server-support-acceptto-mfa-6.1.0-RC5-SNAPSHOT.jar!/:6.1.0-RC5-SNAPSHOT] Same configuration (with same public key and upstream server setup) works perfectly fine with RC4. Could anyone please point me in the right direction? Please let me know if more information is needed to better diagnose the issue. Thanks, -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7306dfec-7f16-4a1e-b1ce-68330b83dbd5%40apereo.org.
