Posting resolution in hopes it may help someone else out.

In cas 5.2 you are supposed to use the jwt property jwtAsServiceTicket but 
it looks like there may be a bug in cas where you need to use the 
(deprecated) jwtAsResponse instead.

  properties : {
    "@class" : "java.util.HashMap",
    "jwtAsResponse" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    }
  }



Additionally, my bad on this one from misunderstanding the cas documents, 
the cas.authn.token.crypto.encryption.key and 
cas.authn.token.crypto.signing.key accept key values directly, not file 
paths to files containing the keys.


Anyway, much thanks to Paul at Unicon for all his help.  Support money well 
spent.


-William


On Wednesday, April 11, 2018 at 5:40:16 PM UTC-5, William E. wrote:
>
> Hi all,
>
>
> I am trying to follow the CAS docs to configure a service to return jwt's 
> but not having much success. 
>
> Docs I am reading on this:
>
>  
> https://apereo.github.io/cas/5.2.x/installation/Configure-ServiceTicket-JWT.html
>  
>  https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/ (JWT Service 
> Tickets portion)
>
>
> My cas.properties has:
>
> cas.authn.token.crypto.enabled=true
> cas.authn.token.crypto.encryptionEnabled=true
> cas.authn.token.crypto.signing.key=/etc/cas/config/token-signing.jwk
> cas.authn.token.crypto.signing.keySize=512
> cas.authn.token.crypto.encryption.key=/etc/cas/config/token-encryption.jwk
> cas.authn.token.crypto.encryption.keySize=256
> cas.authn.token.crypto.alg=AES
>
>
> jwk's generated per docs:
>
> wget https://raw.githubusercontent.com/apereo/cas/master/etc/jwk-gen.jar
> java -jar jwk-gen.jar -t oct -s 512 >/etc/cas/config/token-signing.jwk
> java -jar jwk-gen.jar -t oct -s 256 >/etc/cas/config/token-encryption.jwk
>
> $ file /etc/cas/config/token*
> /etc/cas/config/token-encryption.jwk: ASCII text
> /etc/cas/config/token-signing.jwk: ASCII text
>
>
> Using maven overlay, my pom.xml has the rest snippet:
>
> <dependency>
>   <groupId>org.apereo.cas</groupId>
>   <artifactId>cas-server-support-token-tickets</artifactId>
>   <version>${cas.version}</version>
> </dependency>
>
>
> My service has the jwt as ticket property:
>
> properties:
> {
>   @class: java.util.LinkedHashMap
>   jwtAsServiceTicket:
>   {
>     @class: org.apereo.cas.services.DefaultRegisteredServiceProperty
>     values:
>     [
>       java.util.HashSet
>       [
>         "true"
>       ]
>     ]
>   }
> }
>
> In the CAS CLI I can generate a jwt that appears valid. But when I use my 
> service via web browser I see no header or cookie referencing a ticket with 
> JWT- prefix, nor a jwt formatted base64 string, I just see the normal ST- 
> ticket. I'm using a simple tomcat webapp with cas client filters and 
> java-cas-client 3.5.0. 
>
> Anyone made JWT's work yet for cas 5.2.3?  Any idea what step I missed?
>
> Thanks,
> William
>
>
>
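
A check for the key-setting mistake described in this thread, as an added example that is not part of the original messages or of CAS itself: it flags the two token crypto key properties when their value looks like a file reference instead of a key value. The function names, the path heuristic and the placeholder key values are assumptions made for this example.

```python
import re

# The two settings the post says take key values directly, not file paths.
KEY_PROPS = (
    "cas.authn.token.crypto.signing.key",
    "cas.authn.token.crypto.encryption.key",
)

# Heuristic chosen for this example: a path-like prefix or a key-file extension.
PATH_LIKE = re.compile(r"^(file:|classpath:|~?/|\.{1,2}/)|\.(jwk|json|key|pem)$")

# Key-related lines from the cas.properties quoted in this thread.
QUOTED_CONFIG = """\
cas.authn.token.crypto.signing.key=/etc/cas/config/token-signing.jwk
cas.authn.token.crypto.encryption.key=/etc/cas/config/token-encryption.jwk
cas.authn.token.crypto.alg=AES
"""

# Constructed placeholders standing in for real key values.
FIXED_CONFIG = """\
cas.authn.token.crypto.signing.key=PLACEHOLDER_SIGNING_KEY_VALUE
cas.authn.token.crypto.encryption.key=PLACEHOLDER_ENCRYPTION_KEY_VALUE
"""


def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        match = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if match and line[0] not in "#!":
            props[match.group(1)] = match.group(2).strip()
    return props


def lint_token_keys(text):
    """Return (property, problem) pairs for key settings that are not bare keys."""
    findings = []
    props = parse_properties(text)
    for name in KEY_PROPS:
        value = props.get(name, "")
        if PATH_LIKE.search(value):
            findings.append((name, "value looks like a file path"))
        elif value.startswith("{"):
            findings.append((name, "value is a JSON document, not a bare key"))
    return findings
```

Calling lint_token_keys(QUOTED_CONFIG) reports both key properties; FIXED_CONFIG produces no findings.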
