Hi Ray, I was referring to the client receiving the JWT, verifying the 
signature, and extracting the JWT contents for further validation. It looks 
like this requires a custom filter and surprised the cas client does not 
already support this.

Btw, when I get the JWT as the ticket, it comes in as a query parameter. Is 
there a way to get this via header? What is the redirect query parameter 
for?

myapp/cas/login?redirect=true&ticket=abc.123.xyz

-psv

On Monday, April 3, 2023 at 11:19:03 AM UTC-5 Ray Bon wrote:

> Pablo,
>
> Are you looking for this flow diagram, 
> https://apereo.github.io/cas/6.6.x/installation/Configure-ServiceTicket-JWT.html#flow-diagram
>  ?
>
> JWTs are validated on the service side, not in CAS.
>
> Ray
>
> On Fri, 2023-03-31 at 19:07 -0700, Pablo Vidaurri wrote:
>
> For JWT as a service, what is the appropriate CAS Validation Filter to use 
> on the client side? Or does this have to be a custom Filter where I need to 
> verify the signature, decode, and create the Assertion with principal?
>
> On Thursday, March 30, 2023 at 11:05:28 AM UTC-5 Pablo Vidaurri wrote:
>
> I'm following this to set up JWT as a service ticket: 
> https://apereo.github.io/cas/6.5.x/installation/Configure-ServiceTicket-JWT.html
>
> I am using global keys and not defining them in service json file.
>
> I am able to login but get a failure when validating the ST. Looks like 
> the ST being checked is the encrypted/signed JWT:
>
> ERROR [org.apereo.cas.ticket.DefaultTicketCatalog] - <Ticket definition 
> for [eyJhbGciOiJu...qOWxGRS1sb2NhbGhvc3QifQ.] cannot be found in the ticket 
> catalog which only contains the following ticket types: [[TGT, ST, RT, AT, 
> PT, TST, OC, SART, ODUC, PGT, SATQ, ODT]]>
> WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service 
> ticket [eyJhbGciOiJu...qOWxGRS1sb2NhbGhvc3QifQ.] does not exist.>
> 2023-03-30 10:15:43,875 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: eyJhbGciOiJu...qOWxGRS1sb2NhbGhvc3QifQ. for 
> http://localhost:9003/login/cas
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Thu Mar 30 10:15:43 CDT 2023
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> Is there a config missing that is not in the document?
>
> -psv
>
>
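
The service-side check discussed in this thread (verify the signature first, then read the claims and build the assertion from them), as an added example that is not code from CAS or from the Java CAS client. It assumes the ticket is a compact JWT signed with a shared HMAC key and not encrypted, that the service URL is carried in `aud`, the principal in `sub` and the expiry in `exp`; the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

ALLOWED_ALGS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}  # assumed HMAC signing

class TicketRejected(Exception):
    """Raised when the ticket must not be turned into an assertion."""

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_ticket(claims, key, alg="HS256"):
    """Build a constructed sample ticket, standing in for what the server issues."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), ALLOWED_ALGS[alg]).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def validate_ticket(ticket, key, service, now=None):
    """Return the claims only if signature, audience, expiry and subject check out."""
    parts = ticket.split(".")
    if len(parts) != 3 or not parts[2]:
        raise TicketRejected("expected a signed JWT with three non-empty segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
        alg = header.get("alg") if isinstance(header, dict) else None
        if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
            raise TicketRejected(f"algorithm not allowed: {alg!r}")  # covers "none"
        signing_input = f"{parts[0]}.{parts[1]}".encode()
        expected = hmac.new(key, signing_input, ALLOWED_ALGS[alg]).digest()
        if not hmac.compare_digest(expected, b64url_decode(parts[2])):
            raise TicketRejected("signature mismatch")
        claims = json.loads(b64url_decode(parts[1]))  # parsed only after the MAC verified
    except ValueError as exc:
        raise TicketRejected(f"malformed ticket: {exc}") from exc
    if not isinstance(claims, dict):
        raise TicketRejected("claims are not a JSON object")
    aud = claims.get("aud")
    if service not in (aud if isinstance(aud, list) else [aud]):
        raise TicketRejected("ticket was issued for a different service")
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise TicketRejected("ticket is expired or carries no exp")
    if not claims.get("sub"):
        raise TicketRejected("no principal (sub) in ticket")
    return claims
```

The ticket value in the log above ends with `.`, that is, an empty third segment; this validator rejects that shape before any claim is read.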

You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9ba8cb8-fd6a-46cf-922e-003606555286n%40apereo.org.