Re: [cas-user] CAS 6.4 OIDC JWKS missing key fields?

2023-03-17 Thread Carl Waldbieser
Yan,

No, our jwks doesn't have that property.  But since that is just the
algorithm (see
https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-set-properties),
you could probably manually specify the algorithm being used in the key by
adding it directly to the JSON.

Thanks,
Carl Waldbieser
ITS
Lafayette College

On Fri, Mar 17, 2023 at 12:04 PM Yan Zhou  wrote:

> Does your JWKS have an "alg" field?  It does not seem to have that option.
>
> This is what a JWKS looks like in general; they do have an "alg" field. I do
> not know how to get the CAS JWKS to include it.
>
> Yan
>
> On Tuesday, March 7, 2023 at 10:29:12 AM UTC-5 waldbiec wrote:
>
>> I noticed my JWKS was missing a kid and causing weird results in one of
>> the OIDC libraries I use for testing.
>> I just added the kid to my key in the "keystore.jwks" manually.  I just
>> generated a uuid4, but you can use any ID unique to your keystore from what
>> I understand.
>> The kid then appears on the endpoint.
>>
>> Thanks,
>> Carl Waldbieser
>> ITS
>> Lafayette College
>>
>> On Tue, Mar 7, 2023 at 12:13 AM Yan Zhou  wrote:
>>
>>> Hi,
>>>
>>> The CAS 6.4 OIDC JWKS endpoint looks like this.  Our vendor has a problem
>>> with its missing fields such as alg, kid, and use.
>>>
>>> Does anyone know how to show these fields in the JWKS?  They showed us what
>>> the Okta and Google OIDC providers present; yes, they do have these fields.
>>>
>>> This probably affects OIDC JWT access token header attributes as well.
>>>
>>> Thanks,
>>> Yan
>>>
>>> {
>>>   "keys": [
>>>     {
>>>       "kty": "RSA",
>>>       "n": "pwNNGZn0..RW18eq6Asiw",
>>>       "e": "AQAB"
>>>     }
>>>   ]
>>> }
>>>
>>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALt4NbM-mAJJCmWEXRZ2YyoUeeh9nPKeXSiRpLPOsO7M57CGGg%40mail.gmail.com.
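
The manual keystore edit discussed in this thread (adding kid, and possibly alg, to each key in "keystore.jwks"), as an added example that is not part of the original messages and is not CAS code. It goes slightly beyond the thread by deriving kid as an RFC 7638 key thumbprint where Carl used a uuid4; the sample key, the RS256 and sig defaults, and the function names are assumptions.

```python
import base64
import copy
import hashlib
import json

# Constructed sample keystore: one RSA key carrying only kty/n/e, the shape
# shown in the thread. The modulus is a made-up placeholder, not a real key.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "n": "c2FtcGxlLW1vZHVsdXM", "e": "AQAB"}]}

# Members RFC 7638 hashes for each key type, in lexicographic order.
THUMBPRINT_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def jwk_thumbprint(jwk):
    """RFC 7638 SHA-256 thumbprint: a kid that is stable and unique per key."""
    members = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def annotate_jwks(jwks, alg="RS256", use="sig"):
    """Return a copy with kid/use/alg filled in where missing; existing values win."""
    out = copy.deepcopy(jwks)
    seen = set()
    for key in out["keys"]:
        key.setdefault("kid", jwk_thumbprint(key))
        key.setdefault("use", use)
        # Assumption: alg must be the algorithm the server really signs with.
        key.setdefault("alg", alg)
        # Reject an RSA algorithm on a non-RSA key and vice versa.
        if key["alg"].startswith(("RS", "PS")) != (key["kty"] == "RSA"):
            raise ValueError(f"alg {key['alg']} does not fit kty {key['kty']}")
        # kid only helps clients pick a key if it is unique in the set.
        if key["kid"] in seen:
            raise ValueError(f"duplicate kid {key['kid']}")
        seen.add(key["kid"])
    return out


if __name__ == "__main__":
    print(json.dumps(annotate_jwks(SAMPLE_JWKS), indent=2))
```

A relying party that selects keys by alg will not find a match if the value written here differs from the alg in the token header, so set it from the server's signing configuration rather than guessing.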


Re: [cas-user] CAS 6.4 OIDC JWKS missing key fields?

2023-03-17 Thread Yan Zhou
Does your JWKS have an "alg" field?  It does not seem to have that option.

This is what a JWKS looks like in general; they do have an "alg" field. I do not
know how to get the CAS JWKS to include it.

Yan

On Tuesday, March 7, 2023 at 10:29:12 AM UTC-5 waldbiec wrote:

> I noticed my JWKS was missing a kid and causing weird results in one of 
> the OIDC libraries I use for testing.
> I just added the kid to my key in the "keystore.jwks" manually.  I just 
> generated a uuid4, but you can use any ID unique to your keystore from what 
> I understand.
> The kid then appears on the endpoint.
>
> Thanks,
> Carl Waldbieser
> ITS
> Lafayette College
>
> On Tue, Mar 7, 2023 at 12:13 AM Yan Zhou  wrote:
>
>> Hi,
>>
>> The CAS 6.4 OIDC JWKS endpoint looks like this.  Our vendor has a problem
>> with its missing fields such as alg, kid, and use.
>>
>> Does anyone know how to show these fields in the JWKS?  They showed us what
>> the Okta and Google OIDC providers present; yes, they do have these fields.
>>
>> This probably affects OIDC JWT access token header attributes as well.
>>
>> Thanks,
>> Yan
>>
>> {
>>   "keys": [
>>     {
>>       "kty": "RSA",
>>       "n": "pwNNGZn0..RW18eq6Asiw",
>>       "e": "AQAB"
>>     }
>>   ]
>> }
>>
>



Re: [cas-user] CAS 6.4 OIDC JWKS missing key fields?

2023-03-07 Thread Carl Waldbieser
I noticed my JWKS was missing a kid and causing weird results in one of the
OIDC libraries I use for testing.
I just added the kid to my key in the "keystore.jwks" manually.  I just
generated a uuid4, but you can use any ID unique to your keystore from what
I understand.
The kid then appears on the endpoint.

Thanks,
Carl Waldbieser
ITS
Lafayette College

On Tue, Mar 7, 2023 at 12:13 AM Yan Zhou  wrote:

> Hi,
>
> The CAS 6.4 OIDC JWKS endpoint looks like this.  Our vendor has a problem
> with its missing fields such as alg, kid, and use.
>
> Does anyone know how to show these fields in the JWKS?  They showed us what
> the Okta and Google OIDC providers present; yes, they do have these fields.
>
> This probably affects OIDC JWT access token header attributes as well.
>
> Thanks,
> Yan
>
> {
>   "keys": [
>     {
>       "kty": "RSA",
>       "n": "pwNNGZn0..RW18eq6Asiw",
>       "e": "AQAB"
>     }
>   ]
> }
>



[cas-user] CAS 6.4 OIDC JWKS missing key fields?

2023-03-06 Thread Yan Zhou
Hi,

The CAS 6.4 OIDC JWKS endpoint looks like this.  Our vendor has a problem with
its missing fields such as alg, kid, and use.

Does anyone know how to show these fields in the JWKS?  They showed us what the
Okta and Google OIDC providers present; yes, they do have these fields.

This probably affects OIDC JWT access token header attributes as well.

Thanks,
Yan

{
  "keys": [
    {
      "kty": "RSA",
      "n": "pwNNGZn0..RW18eq6Asiw",
      "e": "AQAB"
    }
  ]
}
