Hi,
my current version of CAS is 6.6.0.
I'm using JWT with CAS and I set these configs:
cas.authn.token.crypto.enabled=true
cas.authn.token.crypto.encryptionEnabled=true
cas.authn.token.crypto.signingEnabled=true
cas.authn.token.crypto.alg=A256CBC-HS512
cas.authn.token.crypto.signing.key=***
cas.authn.token.crypto.signing.keySize=512
cas.authn.token.crypto.encryption.key=***
cas.authn.token.crypto.encryption.keySize=512
When I log in to a specific service, CAS generates a valid JWT, but in the header it puts a random "kid" each time:
{
  "alg": "HS512",
  "typ": "JWT",
  "kid": "56179e82-c6cb-4661-a181-aa2a6fb8b3c7"
}
So I can't validate this JWT with a JWK URL, because the "kid" changes each time. Is there a way to generate a static "kid"? Am I missing some configuration?
With CAS 6.5.2 the "kid" isn't generated at all with the same configuration.