JWT as Service Ticket, not found in JPA DB


Pablo Vidaurri

Mar 30, 2023, 12:05:28 PM
to CAS Community
I'm following this to set up JWT as a service ticket: https://apereo.github.io/cas/6.5.x/installation/Configure-ServiceTicket-JWT.html

I am using global keys and not defining them in service json file.

I am able to log in but get a failure when validating the ST. Looks like the ST being checked is the encrypted/signed JWT:

ERROR [org.apereo.cas.ticket.DefaultTicketCatalog] - <Ticket definition for [eyJhbGciOiJu...qOWxGRS1sb2NhbGhvc3QifQ.] cannot be found in the ticket catalog which only contains the following ticket types: [[TGT, ST, RT, AT, PT, TST, OC, SART, ODUC, PGT, SATQ, ODT]]>
WARN [org.apereo.cas.DefaultCentralAuthenticationService] - <Service ticket [eyJhbGciOiJu...qOWxGRS1sb2NhbGhvc3QifQ.] does not exist.>
2023-03-30 10:15:43,875 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: eyJhbGciOiJu...qOWxGRS1sb2NhbGhvc3QifQ. for http://localhost:9003/login/cas
ACTION: SERVICE_TICKET_VALIDATE_FAILED
APPLICATION: CAS
WHEN: Thu Mar 30 10:15:43 CDT 2023
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================


Is there a config missing that is not in the document?

-psv

Pablo Vidaurri

Apr 1, 2023, 12:34:19 AM
to CAS Community, Pablo Vidaurri
For JWT as a service, what is the appropriate CAS Validation Filter to use on the client side? Or does this have to be a custom Filter where I need to verify the signature, decode, and create the Assertion with the principal?

Ray Bon

Apr 3, 2023, 12:19:03 PM
to cas-...@apereo.org, psvid...@gmail.com
Pablo,


JWTs are validated on the service side, not in CAS.

Ray

On Fri, 2023-03-31 at 19:07 -0700, Pablo Vidaurri wrote:

Pablo Vidaurri

Apr 7, 2023, 3:29:28 AM
to CAS Community, Ray Bon, Pablo Vidaurri
Hi Ray, I was referring to the client receiving the JWT, verifying the signature, and extracting the JWT contents for further validation. It looks like this requires a custom filter, and I'm surprised the CAS client does not already support this.

Btw, when I get the JWT as the ticket, it comes in as a query parameter. Is there a way to get this via header? What is the redirect query parameter for?

myapp/cas/login?redirect=true&ticket=abc.123.xyz

-psv
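
Added example (not part of the thread and not code from the CAS project or its Java client): a sketch of the service-side checks discussed above, verifying the signature before trusting any claim and then turning the ticket into a principal. The ticket in the log above begins with eyJhbGciOiJu, which is the Base64url encoding of {"alg":"n, and ends with an empty third segment, so the sketch rejects unsigned tokens outright. Assumptions: an HMAC-signed compact JWT with a shared key, claims named sub, aud and exp, and hypothetical function names; an encrypted ticket would have to be decrypted before this step.

```python
import base64, hashlib, hmac, json, time

HMAC_ALGS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}  # allow-list

class TicketRejected(Exception):
    """Raised for any ticket that must not be turned into a session."""

def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def validate_jwt_ticket(ticket, key, expected_service, now=None):
    """Return the principal ("sub") of a signed JWT ticket, else raise."""
    now = time.time() if now is None else now
    parts = ticket.split(".")
    if len(parts) != 3 or not parts[2]:
        raise TicketRejected("no signature segment (unsecured JWT?)")
    try:
        digest = HMAC_ALGS.get(json.loads(b64d(parts[0])).get("alg"))
        if digest is None:  # rejects "none" and anything off the allow-list
            raise TicketRejected("algorithm not allowed")
        mac = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), digest).digest()
        if not hmac.compare_digest(mac, b64d(parts[2])):
            raise TicketRejected("bad signature")
        claims = json.loads(b64d(parts[1]))  # parsed only after the MAC checks out
        exp, aud, sub = claims.get("exp"), claims.get("aud"), claims.get("sub")
    except (ValueError, TypeError, AttributeError) as exc:
        raise TicketRejected("malformed token") from exc
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TicketRejected("expired or missing exp")
    if expected_service not in (aud if isinstance(aud, list) else [aud]):
        raise TicketRejected("issued for a different service")
    if not isinstance(sub, str) or not sub:
        raise TicketRejected("no subject")
    return sub

def make_sample_ticket(claims, key, alg="HS512"):
    """Constructed demo input only; stands in for the issuing server."""
    head, body = (b64e(json.dumps(x).encode()) for x in ({"alg": alg}, claims))
    if alg == "none":
        return f"{head}.{body}."
    sig = hmac.new(key, f"{head}.{body}".encode(), HMAC_ALGS[alg]).digest()
    return f"{head}.{body}.{b64e(sig)}"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder, not a real CAS key
    svc = "http://localhost:9003/login/cas"
    claims = {"sub": "casuser", "aud": svc, "exp": time.time() + 60}
    print(validate_jwt_ticket(make_sample_ticket(claims, key), key, svc))
```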
