Unknown encryption/secret key WARN message at startup

Adam Causey

unread,

Dec 4, 2017, 8:49:07 AM12/4/17

to cas-...@apereo.org

I am receiving the WARN messages below during CAS 5.1 startup. I have set the tgc and clearPass encryptionKeys and secretKeys This message does not specify a module for the encryption/secret key, so I'm not sure where to put the generated values.

2017-12-04 08:34:52,049 [main] WARN org.apereo.cas.util.cipher.BaseBinaryCipherExecutor - Secret key for signing is not defined. CAS will attempt to auto-generate the signing key

2017-12-04 08:34:52,054 [main] WARN org.apereo.cas.util.cipher.BaseBinaryCipherExecutor - Generated signing key [

ABC]

of size [512]. The generated key MUST be added to CAS settings.

2017-12-04 08:34:52,054 [main] WARN org.apereo.cas.util.cipher.BaseBinaryCipherExecutor - No encryption key is defined. CAS will attempt to auto-generate keys

2017-12-04 08:34:52,054 [main] WARN org.apereo.cas.util.cipher.BaseBinaryCipherExecutor - Generated encryption key [

123

] of size [16]. The generated key MUST be added to CAS settings.

Thanks!

-Adam

David Curry

unread,

Dec 4, 2017, 9:12:52 AM12/4/17

to cas-...@apereo.org

Those are probably referring to missing signing/encryption keys for Spring Webflow encryption, since you say you have the tgc properties configured. (Although you should also check the properties you have set for tgc encryption; all the sigining/encryption key properties were "rationalized" in one of the point releases, and if you're using the old names, it won't work.)

You configure the Spring Webflow signing key pretty much the same way (it's a JSON web key), but the encryption key is not a JWK, so it's a little different.

See this:

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html#configure-spring-webflow-encryption

https://dacurry-tns.github.io/deploying-apereo-cas/building_server_configure-server-properties.html#configure-ticket-granting-cookie-encryption

--Dave

--

DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david...@newschool.edu

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAN6MV5MBNTfts9Et9_osuxpEffe-R0XGdcF6LBNhrD3pPj8WbA%40mail.gmail.com.

Ray Bon

unread,

Dec 4, 2017, 12:31:33 PM12/4/17

to cas-...@apereo.org

Adam,

Check these parameters:

cas.webflow.signing.key

cas.webflow.encryption.key

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Reply all

Reply to author

Forward