Hi Everyone,
I would like to add the possibility to use JWT Authentication to my CAS Server. I followed this link
https://apereo.github.io/cas/4.2.x/installation/JWT-Authentication.html but it's not working.
I'm using CAS Version 4.2.7 and Java Version : 1.8.0_40. I followed these steps below :
Step 1 : adding the token dependency to my pom.xml
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-token-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
Step 2 : adding the alias name in my deployerConfigContext.xml
NB : I'm already using this in my config :
<util:map id="authenticationHandlersResolvers">
<entry key-ref="proxyAuthenticationHandler" value-ref="proxyPrincipalResolver" />
<entry key-ref="primaryAuthenticationHandler" value-ref="primaryPrincipalResolver" />
<entry key-ref="ldapAuthenticationHandler" value="#{null}" />
</util:map>
<alias name="acceptUsersAuthenticationHandler" alias="primaryAuthenticationHandler" />
<alias name="personDirectoryPrincipalResolver" alias="primaryPrincipalResolver" />
<alias name="tokenAuthenticationHandler" alias="primaryAuthenticationHandler" />
So when I restart my CAS server, the logs say :
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationHandlersResolvers': Cannot resolve reference to bean 'primaryAuthenticationHandler' while setting bean property 'sourceMap'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'tokenAuthenticationHandler' is defined
So I added the bean id below :
<bean id="tokenAuthenticationHandler"
class="org.jasig.cas.services.DefaultRegisteredServiceProperty" />
Then, after restarting, it's OK, no more logs.
Step 3 : adding the secret in my HTTPSandIMAPS-10000001.json
"properties" : {
"@class" : "java.util.HashMap",
"jwtSigningSecret" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceProperty",
"values" : [ "java.util.HashSet", [ "my_secret_key" ] ]
},
Step 4 : generating my token using my secret key with https://www.npmjs.com/package/jwtgen
For example : jwtgen -a HS256 -s "my_secret_key" -p -e 9200 -v
algorithm: HS256
claims:
{
"iat": 1519642449,
"exp": 1519651650
}
headers:
{
"typ": "JWT",
"alg": "HS256"
}
token:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1MTk2NDI0NDksImV4cCI6MTUxOTY1MTY1MH0.G7JjoEu......
Step 5 : curling my CAS Server with one of my service using my token
curl -i "https://myserver/cas/login?service=https://my_url_service&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1MTk2NDI0NDksImV4cCI6MTUxOTY1MTY1MH0.G7JjoEu......"
CAS Logs :
2018-02-26 11:58:12,570 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for warn cookie generator to: /cas/ >
2018-02-26 11:58:12,570 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies for TGC cookie generator to: /cas/ >
2018-02-26 11:58:12,574 DEBUG [org.jasig.cas.web.support.DefaultArgumentExtractor] - <Created https://my_url_service based on org.jasig.cas.authentication.principal.WebApplicationServiceFactory@2fe3ffc2>
2018-02-26 11:58:12,575 DEBUG [org.jasig.cas.web.support.DefaultArgumentExtractor] - <Extractor generated service for: https://my_url_service>
2018-02-26 11:58:12,581 DEBUG [org.jasig.cas.util.RegexUtils] - <Pattern ^https://www.apereo.org is a valid regex.>
2018-02-26 11:58:12,582 DEBUG [org.jasig.cas.util.RegexUtils] - <Pattern ^(http?|https?)://.* is a valid regex.>
2018-02-26 11:58:12,801 DEBUG [org.jasig.cas.services.web.RegisteredServiceThemeBasedViewResolver] - <View resolved: /WEB-INF/view/jsp/default/ui/casLoginView.jsp>
2018-02-26 11:58:12,940 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
2018-02-26 11:58:12,941 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
2018-02-26 11:58:12,942 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
2018-02-26 11:58:12,942 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'>
2018-02-26 11:58:13,002 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - <The code [login.forgot.password] cannot be found in the default language bundle and will be used as the message itself.>
2018-02-26 11:58:13,002 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - <The code [login.not.subscribed] cannot be found in the default language bundle and will be used as the message itself.>
2018-02-26 11:58:13,003 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - <The code [login.subscribe] cannot be found in the default language bundle and will be used as the message itself.>
2018-02-26 11:58:13,003 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - <The code [login.help.question] cannot be found in the default language bundle and will be used as the message itself.>
2018-02-26 11:58:13,004 WARN [org.jasig.cas.web.view.CasReloadableMessageBundle] - <The code [login.contact] cannot be found in the default language bundle and will be used as the message itself.>
2018-02-26 11:58:15,243 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory] - <Created job org.jasig.cas.services.DefaultServicesManagerImpl$ServiceRegistryReloaderJob@5784c77a for bundle org.quartz.spi.TriggerFiredBundle@5ffb6449>
2018-02-26 11:58:15,245 DEBUG [org.jasig.cas.util.CasSpringBeanJobFactory] - <Autowired job per the application context>
No tickets are created, am I missing something?
Kind Regards,
Michael
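
An added example, not part of the original post and not CAS code: a local check of the Step 4 token with Node's built-in crypto, verifying the HS256 signature and expiry and listing the claims the token actually carries before it is sent to the server. The function names and the evaluation time are assumptions; the secret and the claim values are the placeholders printed in the post.

```javascript
// Added example (not from the original post): local HS256 JWT check with Node's crypto.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Build a token the way Step 4 does (constructed sample; claims copied from the post).
function signHS256(claims, secret) {
  const head = b64url(JSON.stringify({ typ: 'JWT', alg: 'HS256' }));
  const body = b64url(JSON.stringify(claims));
  const mac = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(mac)}`;
}

// Verify signature and expiry, then list the claims the token actually carries.
function inspectHS256(token, secret, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a three-part compact JWS' };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch (e) {
    return { ok: false, reason: 'header or payload is not valid JSON' };
  }
  // Pin the algorithm: the token header must not choose it (rejects "none" and others).
  if (header.alg !== 'HS256') return { ok: false, reason: `unexpected alg ${header.alg}` };
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'signature mismatch' };
  }
  if (typeof claims.exp === 'number' && nowSeconds >= claims.exp) {
    return { ok: false, reason: 'token expired' };
  }
  return { ok: true, claimNames: Object.keys(claims), hasSubject: 'sub' in claims };
}

const SECRET = 'my_secret_key';                       // placeholder secret from the post
const CLAIMS = { iat: 1519642449, exp: 1519651650 };  // claims printed in Step 4
const sample = signHS256(CLAIMS, SECRET);             // constructed token
console.log(inspectHS256(sample, SECRET, 1519642500)); // assumed "now", inside the validity window
```

For the claims shown in Step 4 the result lists only `iat` and `exp`, with `hasSubject` false.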