CAS 5.2.3 / JWT Service Ticket not working


Michael JOIGNY

Apr 26, 2018, 6:14:43 AM
to CAS Community
Hi everybody,

I'm trying to configure my CAS server (5.2.3) with JWT Service Ticket in order to let CAS generate my JWT tokens, but it's not working.

CAS keeps returning ST-xxx ticket instead of token=eyxxyyyzzz when I use curl to my service.

I've followed these links below:

https://apereo.github.io/cas/development/installation/Configure-ServiceTicket-JWT.html
https://apereo.github.io/2017/10/17/cas-jwt-authn-with-duo/
https://www.npmjs.com/package/jwtgen

My JSON service definition:

{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^(http?|https?)://.*",
  "name" : "HTTPS",
  "id" : 10000001,
  "description" : "This service definition authorized all application urls that support HTTPS protocol.",
  "proxyPolicy" : {
    "@class" : "org.apereo.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "properties" : {
    "@class" : "java.util.HashMap",
    "jwtSigningSecret" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "9qz--------DlSwNx" ] ]
    },
    "jwtEncryptionSecret" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "j1cq----------Ssg" ] ]
    },
    "jwtSigningSecretAlg" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "HS512" ] ]
    },
    "jwtEncryptionSecretAlg" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "dir" ] ]
    },
    "jwtEncryptionSecretMethod" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "A256CBC-HS512" ] ]
    },
    "jwtSecretsAreBase64Encoded" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "false" ] ]
    },
    "jwtAsResponse" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    }
  },
  "usernameAttributeProvider" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository"
    },
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

NB: same result with jwtAsResponse or jwtAsServiceTicket (https://groups.google.com/a/apereo.org/forum/#!search/CAS$205.2$20return$20JWT$20for$20service/cas-user/c2usB0G2400/x5YGL9YYAgAJ)

I'm using jwtgen to generate my token, you can find in my attached files (cas_starting.log and curl_cas.log).

Kind regards.

Michael.
cas_starting.log
curl_cas.log

Michael JOIGNY

Apr 26, 2018, 6:19:10 AM
to CAS Community
Correction: CAS keeps returning ST-xxx ticket instead of ticket=eyxxyyyzzz when I use curl to my service.
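
As an added example (not part of the original posts), a small Python check that tells an opaque ST-xxx service ticket from a compact JWT in the redirect URL CAS sends back. The function name `classify_ticket` and the sample URLs are constructed for illustration, and it assumes the JWT arrives in the `ticket` parameter in compact JWS or JWE form.

```python
import base64
import json
from urllib.parse import urlsplit, parse_qs


def _seg(obj):
    """Encode a dict as an unpadded base64url segment (used for sample data)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample redirects (not taken from the attached curl log).
SAMPLE_ST = "https://app.example.org/?ticket=ST-1-constructed-cas01"
# With "dir" key management the encrypted-key segment of a JWE is empty.
SAMPLE_JWE = "https://app.example.org/?ticket=" + ".".join(
    [_seg({"alg": "dir", "enc": "A256CBC-HS512"}), "", "aXY", "Y3Q", "dGFn"])


def classify_ticket(location):
    """Classify the ticket parameter of a CAS redirect URL.

    Returns (kind, header): kind is 'service-ticket', 'jws', 'jwe',
    'missing' or 'unknown'; header is the decoded JOSE header or None.
    """
    values = parse_qs(urlsplit(location).query).get("ticket")
    if not values:
        return "missing", None
    ticket = values[0]
    if ticket.startswith("ST-"):
        return "service-ticket", None
    parts = ticket.split(".")
    # Compact JWS has 3 segments, compact JWE has 5 (RFC 7515 / RFC 7516).
    kind = {3: "jws", 5: "jwe"}.get(len(parts))
    if kind is None:
        return "unknown", None
    try:
        # Restore the stripped base64url padding before decoding the header.
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return "unknown", None
    if not isinstance(header, dict) or "alg" not in header:
        return "unknown", None
    return kind, header


if __name__ == "__main__":
    for url in (SAMPLE_ST, SAMPLE_JWE):
        print(classify_ticket(url))
```

Only the unencrypted JOSE header is read here; nothing is verified or decrypted, so the result says which ticket format was issued, not whether the token is valid.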

Man H

Apr 26, 2018, 10:30:23 PM
to cas-...@apereo.org
Attach cas.properties & dependencies.

Check

<dependency>
     <groupId>org.apereo.cas</groupId>
     <artifactId>cas-server-support-token</artifactId>
     <version>${cas.version}</version>
</dependency>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/92cf8846-7f93-48c9-8aaa-ebdc722d8736%40apereo.org.

Man H

Apr 26, 2018, 10:39:45 PM
to cas-...@apereo.org
See



On Thursday, April 26, 2018, Michael JOIGNY <joigny....@gmail.com> wrote:

Michael JOIGNY

Apr 27, 2018, 4:28:38 AM
to CAS Community
Hi Manfredo Hopp,

Thanks for your feedback, I added my cas.properties and my pom.xml files.

I will try with the same configuration with CAS 5.2.4.

Kind regards.
cas.properties
pom.xml

Michael JOIGNY

Apr 27, 2018, 5:58:54 AM
to CAS Community
I've tried with CAS 5.2.4 and this is the same result with "jwtAsServiceTicket" (ticket=ST..XXXX).

But with jwtAsResponse in my json file :

2018-04-27 11:33:34,561 ERROR [org.jasig.cas.client.util.CommonUtils] - <cas.example.org>
java.net.UnknownHostException: cas.example.org

I don't know why it produces this error "cas.example.org" because I'm using exactly the same Cas-Overlay-Template for generating my cas.war, I just set the CAS version to 5.2.4.

And with CAS 5.2.3 + jwtAsResponse, I have no errors in the logs...