I realized that it was because of different algorithm types. The Spring 
resource server uses HMACSHA256 by default when using a symmetric key, but CAS 
sends HMACSHA512, so I updated the accessTokenConverter() method as below:

    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // Same symmetric key as cas.authn.oauth.crypto.signing.key
        String key = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
        // Set the verifier explicitly to HMACSHA512 instead of relying on the HMACSHA256 default
        SignatureVerifier sha512Verifier = new MacSigner("HMACSHA512", new SecretKeySpec(key.getBytes(), "HMACSHA512"));
        converter.setVerifier(sha512Verifier);
        return converter;
    }

On Friday, May 29, 2020 at 16:41:33 UTC+3, denizg wrote:

> Hello, is there anybody who verifies JWTs with the Spring resource server? I 
> have a configuration like this. When I use a custom OAuth2 server, it works 
> well, but when I change to the CAS OAuth2 server, it cannot verify the JWT.
>
> cas oauth2
> cas.authn.token.crypto.enabled=true
>
> cas.authn.token.crypto.signing-enabled=true
> cas.authn.oauth.crypto.signing.key=RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ
> cas.authn.token.crypto.encryption-enabled=false
> cas.authn.token.crypto.encryption.key=
>
>
> spring resource server config
>
>
> @Configuration
> @EnableResourceServer
> public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
>
>     private String signKey = "RwBkYP2TGd1qobBQnW0mraR1jJ5_uBT65LlnpP8xe_sy3IiNQ_6SnNUxagwcPxHUudONBN_hEPRRUHxaAsTzgQ";
>
>
>     @Bean
>     public JwtAccessTokenConverter accessTokenConverter() {
>         JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
>         converter.setSigningKey(signKey);
>         return converter;
>     }
>
>     @Bean
>     public TokenStore tokenStore() {
>         return new JwtTokenStore(accessTokenConverter());
>     }
>
>     @Bean
>     @Primary
>     public DefaultTokenServices tokenServices() {
>         DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
>         defaultTokenServices.setTokenStore(tokenStore());
>         return defaultTokenServices;
>     }
>
> }
>
>
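
The mismatch described in the reply, reproduced with JDK classes only (an added example, not code from this thread, CAS or Spring): a constructed HS512 token fails against a verifier pinned to HmacSHA256 and passes once the verifier is pinned to HmacSHA512. The key, claims and class name are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class JwtHmacAlgCheck {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // HMAC over the JWS signing input: base64url(header) + "." + base64url(payload)
    static byte[] hmac(String jcaAlg, byte[] key, String signingInput) throws Exception {
        Mac mac = Mac.getInstance(jcaAlg);
        mac.init(new SecretKeySpec(key, jcaAlg));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
    }

    // Verify a compact JWS with the single MAC algorithm the verifier is pinned to.
    // The header's "alg" value is never used to choose the algorithm.
    static boolean verify(String token, String jcaAlg, byte[] key) throws Exception {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        byte[] expected = hmac(jcaAlg, key, parts[0] + "." + parts[1]);
        byte[] presented;
        try { presented = DEC.decode(parts[2]); } catch (IllegalArgumentException e) { return false; }
        return MessageDigest.isEqual(expected, presented); // constant-time comparison
    }

    // Raw JOSE header JSON, for diagnostics only: shows which alg the issuer used.
    static String header(String token) {
        return new String(DEC.decode(token.split("\\.")[0]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key and claims, not the values from the thread.
        byte[] key = "constructed-demo-key-not-a-real-secret".getBytes(StandardCharsets.UTF_8);
        String h = ENC.encodeToString("{\"alg\":\"HS512\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String p = ENC.encodeToString("{\"sub\":\"demo-user\"}".getBytes(StandardCharsets.UTF_8));
        String token = h + "." + p + "." + ENC.encodeToString(hmac("HmacSHA512", key, h + "." + p));

        System.out.println("header:            " + header(token));
        System.out.println("HmacSHA256 verify: " + verify(token, "HmacSHA256", key)); // resource server default
        System.out.println("HmacSHA512 verify: " + verify(token, "HmacSHA512", key)); // matches the issuer
    }
}
```

Decoding the header of a rejected token this way is a quick check for an algorithm mismatch before changing any key material.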
