Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Sneha Kashyap]

Thank you so much for the clarification!
Regards
Sneha

On Fri, 27 Mar, 2020, 6:50 am Nguyen Tran Thanh Lam, <
naphaluan211...@gmail.com> wrote:

> Hi Sneha,
> Your client must use https too.
> You can use Let's encrypt free SSL for you client.
> Thank you.
>
> Vào Th 5, 26 thg 3, 2020 vào lúc 10:05 Sneha Kashyap <
> sneha.kash...@healthelife.in> đã viết:
>
>> Hi napolean,
>> Thanks for your prompt reply. Yes I do realise that the CAS oauth server
>> works only on https protocol.
>>
>> What about the client applications that connect to the server? Must they
>> be a https URL as well? Ideally that is not required by oauth2.. But
>> somehow my application on http does not receive back the accesstoken from
>> CAS oauth server.
>>
>> My question to you is, have you used serviceids values as a http URL and
>> successful authenticated your application?
>> Foe example: serviceid: "http://example.com/.*;
>>
>> Does such a URL get successful authentication in CAS oauth2 server?
>>
>> Thanks & regards
>> Sneha
>>
>> On Thu, 26 Mar, 2020, 6:54 am Nguyen Tran Thanh Lam, <
>> naphaluan211...@gmail.com> wrote:
>>
>>> Hi Sneha,
>>> I know this.
>>> You must use https for Oauth2
>>> Thank you
>>>
>>> Vào Th 5, 26 thg 3, 2020 vào lúc 01:52 Sneha Kashyap <
>>> sneha.kash...@healthelife.in> đã viết:
>>>
 Hi napolean,
 Do you have any idea if there is restriction by CAS oauth2 server to
 use http urls instead of https urls in service id to be authenticated?

 Thanks sneha

 On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
 wrote:

> Hello All,
>
> Replying on this post as it is the most recent post on OAuth
> authentication.I am back working on the project again.
>
> Having gotten the oauth2 with JWT sample code working on CAS 6.1
> overlay I find that It works on service ids with https URLs but on
> configuring  http URLs I am unable to obtain the JWT or access token with 
> a
> successful authentication and code generated. I am getting the following
> output on debug logs on the server side:
>
>
>
> my json registration:
>
> {
>   "@class" :
> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "exampleOauthClient",
>   "clientSecret": "test1",
>   "serviceId": "^http://localhost:/.*;,
> "name": "oauth2test",
> "id": 6,
>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code"
> ] ],
>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
>   "attributeReleasePolicy": {
> "@class":
> "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
> "principalAttributesRepository": {
> "@class":
> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
> },
>},
> "jwtAccessToken": true,
> "usernameAttributeProvider": {
> "@class":
> "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
> "usernameAttribute": "username"
>   }
> }
>
>
> On the client side, i receive a 403 forbidden status or a 401 :
>
> Not sure what I am missing out.. Or does the CAS OAuth server allow
> only clients with https urls to participate in SSO?
> Any inputs regarding this will be of great help..
>
> Thanks
> Sneha
> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
> wrote:
>>
>> Hi Mr Gandhi,
>> You must use CAS version at least 6.1.x.
>> The key will generate in log of CAS, when you build it.
>> Please try again.
>> Thanks
>>
>> Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi <
>> gandh...@imaginea.com> đã viết:
>>
>>> I'm facing the same issue with 5.2.X version of CAS. i'm having
>>> trouble to enable JWT for OIDC related flows.
>>>
>>> Can you please post any findings here, in case if you have solved
>>> this?
>>>
>>> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon
>>> Ponaparte wrote:

 Hi all,
 I have trouble in enable Oauth JWT token on CAS overlay template
 version 6.0.

 I will sponsor 10$, if anyone help me in this case.

 I tried two tutorial on two link:

 1) Link 1
 JWT Of All Things With CAS
 https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
 But I have a trouble with cas shell.
 I have described it here (
 https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
 )
 2) Link 2
 Apereo CAS - OAuth JWT Access Tokens But it uses for cas version
 6.2.x.
 And this properties can't use

 cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Nguyen Tran Thanh Lam]

Hi Sneha,
Your client must use https too.
You can use Let's encrypt free SSL for you client.
Thank you.

Vào Th 5, 26 thg 3, 2020 vào lúc 10:05 Sneha Kashyap <
sneha.kash...@healthelife.in> đã viết:

> Hi napolean,
> Thanks for your prompt reply. Yes I do realise that the CAS oauth server
> works only on https protocol.
>
> What about the client applications that connect to the server? Must they
> be a https URL as well? Ideally that is not required by oauth2.. But
> somehow my application on http does not receive back the accesstoken from
> CAS oauth server.
>
> My question to you is, have you used serviceids values as a http URL and
> successful authenticated your application?
> Foe example: serviceid: "http://example.com/.*;
>
> Does such a URL get successful authentication in CAS oauth2 server?
>
> Thanks & regards
> Sneha
>
> On Thu, 26 Mar, 2020, 6:54 am Nguyen Tran Thanh Lam, <
> naphaluan211...@gmail.com> wrote:
>
>> Hi Sneha,
>> I know this.
>> You must use https for Oauth2
>> Thank you
>>
>> Vào Th 5, 26 thg 3, 2020 vào lúc 01:52 Sneha Kashyap <
>> sneha.kash...@healthelife.in> đã viết:
>>
>>> Hi napolean,
>>> Do you have any idea if there is restriction by CAS oauth2 server to use
>>> http urls instead of https urls in service id to be authenticated?
>>>
>>> Thanks sneha
>>>
>>> On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
>>> wrote:
>>>
 Hello All,

 Replying on this post as it is the most recent post on OAuth
 authentication.I am back working on the project again.

 Having gotten the oauth2 with JWT sample code working on CAS 6.1
 overlay I find that It works on service ids with https URLs but on
 configuring  http URLs I am unable to obtain the JWT or access token with a
 successful authentication and code generated. I am getting the following
 output on debug logs on the server side:



 my json registration:

 {
   "@class" :
 "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
   "clientId": "exampleOauthClient",
   "clientSecret": "test1",
   "serviceId": "^http://localhost:/.*;,
 "name": "oauth2test",
 "id": 6,
   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code"
 ] ],
   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
   "attributeReleasePolicy": {
 "@class":
 "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
 "principalAttributesRepository": {
 "@class":
 "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
 },
},
 "jwtAccessToken": true,
 "usernameAttributeProvider": {
 "@class":
 "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
 "usernameAttribute": "username"
   }
 }


 On the client side, i receive a 403 forbidden status or a 401 :

 Not sure what I am missing out.. Or does the CAS OAuth server allow
 only clients with https urls to participate in SSO?
 Any inputs regarding this will be of great help..

 Thanks
 Sneha
 On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
 wrote:
>
> Hi Mr Gandhi,
> You must use CAS version at least 6.1.x.
> The key will generate in log of CAS, when you build it.
> Please try again.
> Thanks
>
> Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi 
> đã viết:
>
>> I'm facing the same issue with 5.2.X version of CAS. i'm having
>> trouble to enable JWT for OIDC related flows.
>>
>> Can you please post any findings here, in case if you have solved
>> this?
>>
>> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon
>> Ponaparte wrote:
>>>
>>> Hi all,
>>> I have trouble in enable Oauth JWT token on CAS overlay template
>>> version 6.0.
>>>
>>> I will sponsor 10$, if anyone help me in this case.
>>>
>>> I tried two tutorial on two link:
>>>
>>> 1) Link 1
>>> JWT Of All Things With CAS
>>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>>> But I have a trouble with cas shell.
>>> I have described it here (
>>> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
>>> )
>>> 2) Link 2
>>> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version
>>> 6.2.x.
>>> And this properties can't use
>>>
>>> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
>>> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>>>
>>> Thank you.
>>>
>>>
>>>
>>>
>>>
>> *This mail contains confidential information intended only for the
>> individual(s) 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Sneha Kashyap]

Hi Ron,
Thanks for your reply.

 Our REST application behind a Kong gateway is using http. The public
exposed url however is a https URL.

I do not see any such documentation that the serviceid is required to be a
https URL for successful authentication. Usually no such restrictions are
specified by the oauth servers..

Still i have no clarity and am unable to debug to code to findout what the
issue is as the same client application works well when on https and
doesn't when on Http protocol..

Thanks
Sneha

On Thu, 26 Mar, 2020, 9:16 pm Ray Bon,  wrote:

> Sneha,
>
> I have not used oauth2 and do not know how that protocol is handled in
> cas. I do know that other CAS protocols required back channel
> communication, and that is always https.
>
> The real question is, why, in this day and age, do you want to use http?
>
> For testing it is easy to create your own certificates. For external
> sites, https://letsencrypt.org/
>
> Ray
>
> On Thu, 2020-03-26 at 08:35 +0530, Sneha Kashyap wrote:
>
> Hi napolean,
> Thanks for your prompt reply. Yes I do realise that the CAS oauth server
> works only on https protocol.
>
> What about the client applications that connect to the server? Must they
> be a https URL as well? Ideally that is not required by oauth2.. But
> somehow my application on http does not receive back the accesstoken from
> CAS oauth server.
>
> My question to you is, have you used serviceids values as a http URL and
> successful authenticated your application?
> Foe example: serviceid: "http://example.com/.*;
>
> Does such a URL get successful authentication in CAS oauth2 server?
>
> Thanks & regards
> Sneha
>
> On Thu, 26 Mar, 2020, 6:54 am Nguyen Tran Thanh Lam, <
> naphaluan211...@gmail.com> wrote:
>
> Hi Sneha,
> I know this.
> You must use https for Oauth2
> Thank you
>
> Vào Th 5, 26 thg 3, 2020 vào lúc 01:52 Sneha Kashyap <
> sneha.kash...@healthelife.in> đã viết:
>
> Hi napolean,
> Do you have any idea if there is restriction by CAS oauth2 server to use
> http urls instead of https urls in service id to be authenticated?
>
> Thanks sneha
>
> On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
> wrote:
>
> Hello All,
>
> Replying on this post as it is the most recent post on OAuth
> authentication.I am back working on the project again.
>
> Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay I
> find that It works on service ids with https URLs but on configuring  http
> URLs I am unable to obtain the JWT or access token with a successful
> authentication and code generated. I am getting the following output on
> debug logs on the server side:
>
>
>
> my json registration:
>
> {
>   "@class" :
> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "exampleOauthClient",
>   "clientSecret": "test1",
>   "serviceId": "^http://localhost:/.*;,
> "name": "oauth2test",
> "id": 6,
>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
>   "attributeReleasePolicy": {
> "@class":
> "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
> "principalAttributesRepository": {
> "@class":
> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
> },
>},
> "jwtAccessToken": true,
> "usernameAttributeProvider": {
> "@class":
> "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
> "usernameAttribute": "username"
>   }
> }
>
>
> On the client side, i receive a 403 forbidden status or a 401 :
>
> Not sure what I am missing out.. Or does the CAS OAuth server allow only
> clients with https urls to participate in SSO?
> Any inputs regarding this will be of great help..
>
> Thanks
> Sneha
> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
> wrote:
>
> Hi Mr Gandhi,
> You must use CAS version at least 6.1.x.
> The key will generate in log of CAS, when you build it.
> Please try again.
> Thanks
>
> Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi 
> đã viết:
>
> I'm facing the same issue with 5.2.X version of CAS. i'm having trouble to
> enable JWT for OIDC related flows.
>
> Can you please post any findings here, in case if you have solved this?
>
> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte
> wrote:
>
> Hi all,
> I have trouble in enable Oauth JWT token on CAS overlay template version
> 6.0.
>
> I will sponsor 10$, if anyone help me in this case.
>
> I tried two tutorial on two link:
>
> 1) Link 1
> JWT Of All Things With CAS
> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
> But I have a trouble with cas shell.
> I have described it here (
> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
> )
> 2) Link 2
> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
> And this properties can't use
>
> 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Ray Bon]

Sneha,

I have not used oauth2 and do not know how that protocol is handled in cas. I 
do know that other CAS protocols required back channel communication, and that 
is always https.

The real question is, why, in this day and age, do you want to use http?

For testing it is easy to create your own certificates. For external sites, 
https://letsencrypt.org/

Ray

On Thu, 2020-03-26 at 08:35 +0530, Sneha Kashyap wrote:
Hi napolean,
Thanks for your prompt reply. Yes I do realise that the CAS oauth server works 
only on https protocol.

What about the client applications that connect to the server? Must they be a 
https URL as well? Ideally that is not required by oauth2.. But somehow my 
application on http does not receive back the accesstoken from CAS oauth server.

My question to you is, have you used serviceids values as a http URL and 
successful authenticated your application?
Foe example: serviceid: "http://example.com/.*;

Does such a URL get successful authentication in CAS oauth2 server?

Thanks & regards
Sneha

On Thu, 26 Mar, 2020, 6:54 am Nguyen Tran Thanh Lam, 
mailto:naphaluan211...@gmail.com>> wrote:
Hi Sneha,
I know this.
You must use https for Oauth2
Thank you

Vào Th 5, 26 thg 3, 2020 vào lúc 01:52 Sneha Kashyap 
mailto:sneha.kash...@healthelife.in>> đã viết:
Hi napolean,
Do you have any idea if there is restriction by CAS oauth2 server to use http 
urls instead of https urls in service id to be authenticated?

Thanks sneha

On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
mailto:sneha.kash...@healthelife.in>> wrote:
Hello All,

Replying on this post as it is the most recent post on OAuth authentication.I 
am back working on the project again.

Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay I find 
that It works on service ids with https URLs but on configuring  http URLs I am 
unable to obtain the JWT or access token with a successful authentication and 
code generated. I am getting the following output on debug logs on the server 
side:

[cid:0804684d777fd1aeabef9447ddf706c1c0bc629c.camel@uvic.ca]


my json registration:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  "clientSecret": "test1",
  "serviceId": "^http://localhost:/.*;,
"name": "oauth2test",
"id": 6,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
  "attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
"principalAttributesRepository": {
"@class": 
"org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
   },
"jwtAccessToken": true,
"usernameAttributeProvider": {
"@class": 
"org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
"usernameAttribute": "username"
  }
}


On the client side, i receive a 403 forbidden status or a 401 :

[cid:83d864b591938b491b4ba9ffa0f749f28a8648e0.camel@uvic.ca]
Not sure what I am missing out.. Or does the CAS OAuth server allow only 
clients with https urls to participate in SSO?
Any inputs regarding this will be of great help..

Thanks
Sneha
On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte wrote:
Hi Mr Gandhi,
You must use CAS version at least 6.1.x.
The key will generate in log of CAS, when you build it.
Please try again.
Thanks

Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi  đã viết:
I'm facing the same issue with 5.2.X version of CAS. i'm having trouble to 
enable JWT for OIDC related flows.

Can you please post any findings here, in case if you have solved this?

On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte wrote:
Hi all,
I have trouble in enable Oauth JWT token on CAS overlay template version 6.0.

I will sponsor 10$, if anyone help me in this case.

I tried two tutorial on two link:

1) Link 1
JWT Of All Things With CAS
https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
But I have a trouble with cas shell.
I have described it here 
(https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens)
2) Link 2
Apereo CAS - OAuth JWT Access Tokens
But it uses for cas version 6.2.x.
And this properties can't use

cas.authn.oauth.access-token.crypto.encryption.key

=


cas.authn.oauth.access-token.crypto.signing.key

=




cas.authn.oauth.access-token.crypto.enabled=false


cas.authn.oauth.access-token.crypto.signing-enabled

=

false


cas.authn.oauth.access-token.crypto.encryption-enabled

=

false



Thank you.




This mail contains confidential information intended only for the individual(s) 
named. If you’re not the named addressee, don’t disseminate, distribute or copy 
this e-mail. Please notify the sender immediately and delete it from your 
system.If you wish not to receive such e-mails you may reply with text 
“Unsubscribe”.

--
- Website: 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Sneha Kashyap]

Hi napolean,
Thanks for your prompt reply. Yes I do realise that the CAS oauth server
works only on https protocol.

What about the client applications that connect to the server? Must they be
a https URL as well? Ideally that is not required by oauth2.. But somehow
my application on http does not receive back the accesstoken from CAS oauth
server.

My question to you is, have you used serviceids values as a http URL and
successful authenticated your application?
Foe example: serviceid: "http://example.com/.*;

Does such a URL get successful authentication in CAS oauth2 server?

Thanks & regards
Sneha

On Thu, 26 Mar, 2020, 6:54 am Nguyen Tran Thanh Lam, <
naphaluan211...@gmail.com> wrote:

> Hi Sneha,
> I know this.
> You must use https for Oauth2
> Thank you
>
> Vào Th 5, 26 thg 3, 2020 vào lúc 01:52 Sneha Kashyap <
> sneha.kash...@healthelife.in> đã viết:
>
>> Hi napolean,
>> Do you have any idea if there is restriction by CAS oauth2 server to use
>> http urls instead of https urls in service id to be authenticated?
>>
>> Thanks sneha
>>
>> On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
>> wrote:
>>
>>> Hello All,
>>>
>>> Replying on this post as it is the most recent post on OAuth
>>> authentication.I am back working on the project again.
>>>
>>> Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay
>>> I find that It works on service ids with https URLs but on configuring
>>> http URLs I am unable to obtain the JWT or access token with a successful
>>> authentication and code generated. I am getting the following output on
>>> debug logs on the server side:
>>>
>>>
>>>
>>> my json registration:
>>>
>>> {
>>>   "@class" :
>>> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>>   "clientId": "exampleOauthClient",
>>>   "clientSecret": "test1",
>>>   "serviceId": "^http://localhost:/.*;,
>>> "name": "oauth2test",
>>> "id": 6,
>>>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ]
>>> ],
>>>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
>>>   "attributeReleasePolicy": {
>>> "@class":
>>> "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>>> "principalAttributesRepository": {
>>> "@class":
>>> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>>> },
>>>},
>>> "jwtAccessToken": true,
>>> "usernameAttributeProvider": {
>>> "@class":
>>> "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>>> "usernameAttribute": "username"
>>>   }
>>> }
>>>
>>>
>>> On the client side, i receive a 403 forbidden status or a 401 :
>>>
>>> Not sure what I am missing out.. Or does the CAS OAuth server allow only
>>> clients with https urls to participate in SSO?
>>> Any inputs regarding this will be of great help..
>>>
>>> Thanks
>>> Sneha
>>> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
>>> wrote:

 Hi Mr Gandhi,
 You must use CAS version at least 6.1.x.
 The key will generate in log of CAS, when you build it.
 Please try again.
 Thanks

 Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi 
 đã viết:

> I'm facing the same issue with 5.2.X version of CAS. i'm having
> trouble to enable JWT for OIDC related flows.
>
> Can you please post any findings here, in case if you have solved this?
>
> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon
> Ponaparte wrote:
>>
>> Hi all,
>> I have trouble in enable Oauth JWT token on CAS overlay template
>> version 6.0.
>>
>> I will sponsor 10$, if anyone help me in this case.
>>
>> I tried two tutorial on two link:
>>
>> 1) Link 1
>> JWT Of All Things With CAS
>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>> But I have a trouble with cas shell.
>> I have described it here (
>> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
>> )
>> 2) Link 2
>> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version
>> 6.2.x.
>> And this properties can't use
>>
>> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
>> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>>
>> Thank you.
>>
>>
>>
>>
>>
> *This mail contains confidential information intended only for the
> individual(s) named. If you’re not the named addressee, don’t disseminate,
> distribute or copy this e-mail. Please notify the sender immediately and
> delete it from your system.If you wish not to receive such e-mails you may
> reply with text “Unsubscribe”.*
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Nguyen Tran Thanh Lam]

Hi Sneha,
I know this.
You must use https for Oauth2
Thank you

Vào Th 5, 26 thg 3, 2020 vào lúc 01:52 Sneha Kashyap <
sneha.kash...@healthelife.in> đã viết:

> Hi napolean,
> Do you have any idea if there is restriction by CAS oauth2 server to use
> http urls instead of https urls in service id to be authenticated?
>
> Thanks sneha
>
> On Mon, 23 Mar, 2020, 10:37 pm Sneha, 
> wrote:
>
>> Hello All,
>>
>> Replying on this post as it is the most recent post on OAuth
>> authentication.I am back working on the project again.
>>
>> Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay
>> I find that It works on service ids with https URLs but on configuring
>> http URLs I am unable to obtain the JWT or access token with a successful
>> authentication and code generated. I am getting the following output on
>> debug logs on the server side:
>>
>>
>>
>> my json registration:
>>
>> {
>>   "@class" :
>> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>>   "clientId": "exampleOauthClient",
>>   "clientSecret": "test1",
>>   "serviceId": "^http://localhost:/.*;,
>> "name": "oauth2test",
>> "id": 6,
>>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ]
>> ],
>>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
>>   "attributeReleasePolicy": {
>> "@class":
>> "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
>> "principalAttributesRepository": {
>> "@class":
>> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
>> },
>>},
>> "jwtAccessToken": true,
>> "usernameAttributeProvider": {
>> "@class":
>> "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
>> "usernameAttribute": "username"
>>   }
>> }
>>
>>
>> On the client side, i receive a 403 forbidden status or a 401 :
>>
>> Not sure what I am missing out.. Or does the CAS OAuth server allow only
>> clients with https urls to participate in SSO?
>> Any inputs regarding this will be of great help..
>>
>> Thanks
>> Sneha
>> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
>> wrote:
>>>
>>> Hi Mr Gandhi,
>>> You must use CAS version at least 6.1.x.
>>> The key will generate in log of CAS, when you build it.
>>> Please try again.
>>> Thanks
>>>
>>> Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi 
>>> đã viết:
>>>
 I'm facing the same issue with 5.2.X version of CAS. i'm having trouble
 to enable JWT for OIDC related flows.

 Can you please post any findings here, in case if you have solved this?

 On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon
 Ponaparte wrote:
>
> Hi all,
> I have trouble in enable Oauth JWT token on CAS overlay template
> version 6.0.
>
> I will sponsor 10$, if anyone help me in this case.
>
> I tried two tutorial on two link:
>
> 1) Link 1
> JWT Of All Things With CAS
> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
> But I have a trouble with cas shell.
> I have described it here (
> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
> )
> 2) Link 2
> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version
> 6.2.x.
> And this properties can't use
>
> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>
> Thank you.
>
>
>
>
>
 *This mail contains confidential information intended only for the
 individual(s) named. If you’re not the named addressee, don’t disseminate,
 distribute or copy this e-mail. Please notify the sender immediately and
 delete it from your system.If you wish not to receive such e-mails you may
 reply with text “Unsubscribe”.*

 --
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-...@apereo.org.
 To view this discussion on the web visit
 https://groups.google.com/a/apereo.org/d/msgid/cas-user/162ff6a6-d2e2-4149-aade-e404de062f06%40apereo.org
 
 .

>>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Sneha Kashyap]

Hi napolean,
Do you have any idea if there is restriction by CAS oauth2 server to use
http urls instead of https urls in service id to be authenticated?

Thanks sneha

On Mon, 23 Mar, 2020, 10:37 pm Sneha,  wrote:

> Hello All,
>
> Replying on this post as it is the most recent post on OAuth
> authentication.I am back working on the project again.
>
> Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay I
> find that It works on service ids with https URLs but on configuring  http
> URLs I am unable to obtain the JWT or access token with a successful
> authentication and code generated. I am getting the following output on
> debug logs on the server side:
>
>
>
> my json registration:
>
> {
>   "@class" :
> "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
>   "clientId": "exampleOauthClient",
>   "clientSecret": "test1",
>   "serviceId": "^http://localhost:/.*;,
> "name": "oauth2test",
> "id": 6,
>   "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
>   "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
>   "attributeReleasePolicy": {
> "@class":
> "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
> "principalAttributesRepository": {
> "@class":
> "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
> },
>},
> "jwtAccessToken": true,
> "usernameAttributeProvider": {
> "@class":
> "org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
> "usernameAttribute": "username"
>   }
> }
>
>
> On the client side, i receive a 403 forbidden status or a 401 :
>
> Not sure what I am missing out.. Or does the CAS OAuth server allow only
> clients with https urls to participate in SSO?
> Any inputs regarding this will be of great help..
>
> Thanks
> Sneha
> On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte
> wrote:
>>
>> Hi Mr Gandhi,
>> You must use CAS version at least 6.1.x.
>> The key will generate in log of CAS, when you build it.
>> Please try again.
>> Thanks
>>
>> Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi 
>> đã viết:
>>
>>> I'm facing the same issue with 5.2.X version of CAS. i'm having trouble
>>> to enable JWT for OIDC related flows.
>>>
>>> Can you please post any findings here, in case if you have solved this?
>>>
>>> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon
>>> Ponaparte wrote:

 Hi all,
 I have trouble in enable Oauth JWT token on CAS overlay template
 version 6.0.

 I will sponsor 10$, if anyone help me in this case.

 I tried two tutorial on two link:

 1) Link 1
 JWT Of All Things With CAS
 https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
 But I have a trouble with cas shell.
 I have described it here (
 https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
 )
 2) Link 2
 Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
 And this properties can't use

 cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
 cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false

 Thank you.





>>> *This mail contains confidential information intended only for the
>>> individual(s) named. If you’re not the named addressee, don’t disseminate,
>>> distribute or copy this e-mail. Please notify the sender immediately and
>>> delete it from your system.If you wish not to receive such e-mails you may
>>> reply with text “Unsubscribe”.*
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/162ff6a6-d2e2-4149-aade-e404de062f06%40apereo.org
>>> 
>>> .
>>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> 

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Sneha]

Hello All,

Replying on this post as it is the most recent post on OAuth 
authentication.I am back working on the project again. 

Having gotten the oauth2 with JWT sample code working on CAS 6.1 overlay I 
find that It works on service ids with https URLs but on configuring  http 
URLs I am unable to obtain the JWT or access token with a successful 
authentication and code generated. I am getting the following output on 
debug logs on the server side:



my json registration:

{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  "clientSecret": "test1",
  "serviceId": "^http://localhost:/.*;,
"name": "oauth2test",
"id": 6,
  "supportedGrantTypes": [ "java.util.HashSet", [ "authorization_code" ] ],
  "supportedResponseTypes": [ "java.util.HashSet", [ "code" ] ]
  "attributeReleasePolicy": {
"@class": "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
"principalAttributesRepository": {
"@class": 
"org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
   },
"jwtAccessToken": true,
"usernameAttributeProvider": {
"@class": 
"org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider",
"usernameAttribute": "username"
  }
}


On the client side, i receive a 403 forbidden status or a 401 :

Not sure what I am missing out.. Or does the CAS OAuth server allow only 
clients with https urls to participate in SSO?
Any inputs regarding this will be of great help..

Thanks
Sneha
On Tuesday, March 10, 2020 at 3:01:34 PM UTC+5:30, Napoleon Ponaparte wrote:
>
> Hi Mr Gandhi,
> You must use CAS version at least 6.1.x.
> The key will generate in log of CAS, when you build it.
> Please try again.
> Thanks
>
> Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi  > đã viết:
>
>> I'm facing the same issue with 5.2.X version of CAS. i'm having trouble 
>> to enable JWT for OIDC related flows.
>>
>> Can you please post any findings here, in case if you have solved this?
>>
>> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte 
>> wrote:
>>>
>>> Hi all,
>>> I have trouble in enable Oauth JWT token on CAS overlay template version 
>>> 6.0.
>>>
>>> I will sponsor 10$, if anyone help me in this case.
>>>
>>> I tried two tutorial on two link:
>>>
>>> 1) Link 1
>>> JWT Of All Things With CAS 
>>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>>> But I have a trouble with cas shell.
>>> I have described it here (
>>> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
>>> )
>>> 2) Link 2
>>> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
>>> And this properties can't use
>>>
>>> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
>>>  
>>> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>>>
>>> Thank you.
>>>
>>>
>>>
>>>
>>>
>> *This mail contains confidential information intended only for the 
>> individual(s) named. If you’re not the named addressee, don’t disseminate, 
>> distribute or copy this e-mail. Please notify the sender immediately and 
>> delete it from your system.If you wish not to receive such e-mails you may 
>> reply with text “Unsubscribe”.* 
>>
>> -- 
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to cas-...@apereo.org .
>> To view this discussion on the web visit 
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/162ff6a6-d2e2-4149-aade-e404de062f06%40apereo.org
>>  
>> 
>> .
>>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0b3ad99-6a8c-4967-b8eb-0a4c30f6259c%40apereo.org.

Re: [cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Nguyen Tran Thanh Lam]

Hi Mr Gandhi,
You must use CAS version at least 6.1.x.
The key will generate in log of CAS, when you build it.
Please try again.
Thanks

Vào Th 3, 10 thg 3, 2020 vào lúc 16:15 Gandhi 
đã viết:

> I'm facing the same issue with 5.2.X version of CAS. i'm having trouble to
> enable JWT for OIDC related flows.
>
> Can you please post any findings here, in case if you have solved this?
>
> On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte
> wrote:
>>
>> Hi all,
>> I have trouble in enable Oauth JWT token on CAS overlay template version
>> 6.0.
>>
>> I will sponsor 10$, if anyone help me in this case.
>>
>> I tried two tutorial on two link:
>>
>> 1) Link 1
>> JWT Of All Things With CAS
>> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
>> But I have a trouble with cas shell.
>> I have described it here (
>> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
>> )
>> 2) Link 2
>> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
>> And this properties can't use
>>
>> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
>> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>>
>> Thank you.
>>
>>
>>
>>
>>
> *This mail contains confidential information intended only for the
> individual(s) named. If you’re not the named addressee, don’t disseminate,
> distribute or copy this e-mail. Please notify the sender immediately and
> delete it from your system.If you wish not to receive such e-mails you may
> reply with text “Unsubscribe”.*
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/162ff6a6-d2e2-4149-aade-e404de062f06%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEjUsAheobOHp%3Ddrs8OB-rY3N%2BhUKANCHjZZguUjh71qTO7GFQ%40mail.gmail.com.

[cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Gandhi]

I'm facing the same issue with 5.2.X version of CAS. i'm having trouble to 
enable JWT for OIDC related flows.

Can you please post any findings here, in case if you have solved this?

On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte 
wrote:
>
> Hi all,
> I have trouble in enable Oauth JWT token on CAS overlay template version 
> 6.0.
>
> I will sponsor 10$, if anyone help me in this case.
>
> I tried two tutorial on two link:
>
> 1) Link 1
> JWT Of All Things With CAS 
> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
> But I have a trouble with cas shell.
> I have described it here (
> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
> )
> 2) Link 2
> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
> And this properties can't use
>
> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
>  
> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>
> Thank you.
>
>
>
>
>
-- 
_This mail contains confidential information intended only for the 
individual(s) named. If you’re not the named addressee, don’t disseminate, 
distribute or copy this e-mail. Please notify the sender immediately and 
delete it from your system.If you wish not to receive such e-mails you may 
reply with text “Unsubscribe”._

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/162ff6a6-d2e2-4149-aade-e404de062f06%40apereo.org.

[cas-user] Re: [Enable Oauth JWT token on CAS overlay template version 6.0]

[Sneha]

Hi Napolean,

I am facing the same issue to implement the JWT access token. Have you 
found any solution for the problem?
Regards
Sneha

On Thursday, February 13, 2020 at 8:48:02 AM UTC+5:30, Napoleon Ponaparte 
wrote:
>
> Hi all,
> I have trouble in enable Oauth JWT token on CAS overlay template version 
> 6.0.
>
> I will sponsor 10$, if anyone help me in this case.
>
> I tried two tutorial on two link:
>
> 1) Link 1
> JWT Of All Things With CAS 
> https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
> But I have a trouble with cas shell.
> I have described it here (
> https://stackoverflow.com/questions/60186080/generate-jwt-on-cas-apereo-version-6-0-for-oauth-jwt-access-tokens
> )
> 2) Link 2
> Apereo CAS - OAuth JWT Access Tokens But it uses for cas version 6.2.x.
> And this properties can't use
>
> cas.authn.oauth.access-token.crypto.encryption.key=cas.authn.oauth.access-token.crypto.signing.key=
>  
> cas.authn.oauth.access-token.crypto.enabled=falsecas.authn.oauth.access-token.crypto.signing-enabled=falsecas.authn.oauth.access-token.crypto.encryption-enabled=false
>
> Thank you.
>
>
>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/06030526-917b-4122-a89e-e74e45fc9c08%40apereo.org.