CAS 6.4 OIDC JWKS missing key fields?


Yan Zhou

Mar 7, 2023, 12:13:03 AM
to CAS Community
Hi,

The CAS 6.4 OIDC JWKS endpoint looks like this. Our vendor has a problem with its missing fields such as alg, kid, and use.

Does anyone know how to show these fields in the JWKS? They showed us what the Okta and Google OIDC providers present; yes, they do have these fields.

This probably affects OIDC JWT access token header attributes as well.

Thanks,
Yan

{
    "keys": [
        {
            "kty": "RSA",
            "n": "pwNNGZn0..............RW18eq6Asiw",
            "e": "AQAB"
        }
    ]
}

Guillaume EGRON

Mar 7, 2023, 10:29:12 AM
to CAS Community, Yan Zhou
Hi,
We had a similar issue a few weeks ago with https://github.com/bigbluebutton/greenlight.
We generated a new JWKS file using the generate-oidc-jwks command available in https://apereo.github.io/cas/6.6.x/installation/Configuring-Commandline-Shell.html

Guillaume

Carl Waldbieser

Mar 7, 2023, 10:29:12 AM
to cas-...@apereo.org
I noticed my JWKS was missing a kid and causing weird results in one of the OIDC libraries I use for testing.
I just added the kid to my key in the "keystore.jwks" manually. I just generated a uuid4, but you can use any ID unique to your keystore, from what I understand.
The kid then appears on the endpoint.

Thanks,
Carl Waldbieser
ITS
Lafayette College


Yan Zhou

Mar 17, 2023, 12:58:13 PM
to CAS Community, waldbiec
Does your JWKS have the "alg" field? It does not seem to have that option.

This is what a JWKS looks like in general; they do have the "alg" field. I do not know how to get the CAS JWKS to include it.

Yan

Carl Waldbieser

Mar 18, 2023, 12:07:57 AM
to Yan Zhou, CAS Community
Yan,

No, our jwks doesn't have that property. But since that is just the algorithm (see https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-set-properties), you could probably manually specify the algorithm being used in the key by adding it directly to the JSON.

Thanks,
Carl Waldbieser
ITS
Lafayette College
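Added example, not code from the thread or from CAS: a small script that does the manual edit discussed above in a repeatable way, reporting which of kid, use and alg are missing from each RSA key in a keystore.jwks and filling them in. It assumes RS256 as the signing algorithm (check your CAS signing configuration before relying on that) and derives the kid as the RFC 7638 JWK thumbprint instead of a uuid4, so the same key always gets the same kid across regenerations; the sample JWKS is constructed with a fake modulus.

```python
"""Fill in the optional JWKS fields (kid, use, alg) for RSA keys in a keystore.jwks."""
import base64
import hashlib
import json

RECOMMENDED = ("kid", "use", "alg")

# Constructed sample resembling the CAS endpoint output; the modulus is fake.
SAMPLE_JWKS = {
    "keys": [
        {"kty": "RSA", "n": "pwNNGZn0fakeModulusRW18eq6Asiw", "e": "AQAB"},
        # A non-RSA key is left untouched to show the edit is scoped to RSA keys.
        {"kty": "EC", "crv": "P-256", "x": "fakeX", "y": "fakeY"},
    ]
}


def rfc7638_thumbprint(jwk: dict) -> str:
    """Deterministic kid: SHA-256 over the canonical public RSA members (RFC 7638).
    Only e, kty and n are hashed, so a private-key JWK yields the same kid as its public half."""
    canonical = json.dumps({"e": jwk["e"], "kty": jwk["kty"], "n": jwk["n"]},
                           separators=(",", ":"), sort_keys=True)
    digest = hashlib.sha256(canonical.encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def missing_fields(jwk: dict) -> list:
    """Return the recommended fields absent from one JWK, in a fixed order."""
    return [field for field in RECOMMENDED if field not in jwk]


def complete_jwks(jwks: dict, alg: str = "RS256") -> dict:
    """Return a copy of the key set with kid/use/alg added to RSA keys that lack them.
    Existing values are kept, so re-running the script never rewrites a published kid.
    alg defaults to RS256 on the assumption that CAS signs with it (hypothetical)."""
    fixed = {"keys": []}
    for jwk in jwks["keys"]:
        key = dict(jwk)  # do not mutate the caller's structure
        if key.get("kty") == "RSA":
            key.setdefault("kid", rfc7638_thumbprint(key))
            key.setdefault("use", "sig")
            key.setdefault("alg", alg)
        fixed["keys"].append(key)
    return fixed


if __name__ == "__main__":
    for jwk in SAMPLE_JWKS["keys"]:
        print(jwk["kty"], "missing:", missing_fields(jwk))
    print(json.dumps(complete_jwks(SAMPLE_JWKS), indent=2))
```

Point the script at your real keystore.jwks by loading it with json.load instead of SAMPLE_JWKS, and restart CAS afterwards so the endpoint serves the updated key set.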