Error CAS 7.0.1


lanf detroy

Feb 14, 2024, 9:54:27 AM
to CAS Community
Hello,

I have a problem when starting CAS (v7.0.1). Can you tell me what I need to add or correct?

INFO [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is turned off. This MAY NOT be safe in a clustered production environment. Consider using other choices to handle encryption, signing and verification of ticket registry tickets, and verify the chosen ticket registry does support this behavior.>
INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects>

Thank you

Erik Mallory

Feb 14, 2024, 1:08:12 PM
to cas-...@apereo.org
Research the following attributes. There should be instructions in the documentation on how to generate the keys.

cas.tgc.crypto.encryption.key
cas.tgc.crypto.encryption.key-size
cas.tgc.crypto.signing.key
cas.tgc.crypto.signing.key

cas.webflow.crypto.*
If you're using hazelcast:
cas.ticket.registry.hazelcast.crypto.*
Best of luck.

--
Erik Mallory
------------------------
"A happy man's paradise is his own good nature." - Edward Abbey

Ray Bon

Feb 14, 2024, 1:08:13 PM
to cas-...@apereo.org
Those are not errors.

CoreTicketUtils
Either your registry does not support encryption or you have not provided the properties. This is what my log line looks like:
cas | 2024-02-14 16:16:53,778 DEBUG [ org.aper.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is enabled for [hazelcast]> [main]

BaseStringCipherExecutor
I also see this message even when I do not enable tokens, OIDC, or OAuth2.
It may be an internal system.
If you are using any of those systems (or anything that has encryption / signing options), make sure you set the e / s properties.

Ray

On Wed, 2024-02-14 at 05:44 -0800, lanf detroy wrote:

Ray Bon

Feb 21, 2024, 12:28:56 AM
to cas-...@apereo.org
Test OIDC and see if it sends encrypted tokens.

Ray

On Tue, 2024-02-20 at 10:08 +0100, Lanfdetroy wrote:

Hello,

I use Redis instead of Hazelcast.
I had forgotten a parameter. But I still have some info in the debug. I activated OIDC. Did I forget something?
Why is there information about encryption/signing of Token/JWT tickets not being enabled? Is there a link with OIDC?
What setting am I missing?




2024-02-20 09:41:28,470 INFO [org.apereo.cas.redis.core.RedisObjectFactory] - <Redis native connection sharing is turned [on]>
2024-02-20 09:41:32,498 DEBUG [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is enabled for [redis]>
2024-02-20 09:41:33,282 DEBUG [org.apereo.cas.authentication.attribute.DefaultAttributeDefinitionStore] - <Loaded [0] attribute definition(s).>
2024-02-20 09:41:33,322 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <No attribute repository sources are available/defined to merge together.>
2024-02-20 09:41:33,425 DEBUG [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Attribute repository sources are not available for person-directory principal resolution>
2024-02-20 09:41:34,175 DEBUG [org.apereo.cas.oidc.jwks.generator.OidcDefaultJsonWebKeystoreGeneratorService] - <Given resource [file:///etc/cas/config/keystore.jwks] cannot be parsed as a raw JSON web keystore>
2024-02-20 09:41:34,178 INFO [org.apereo.cas.util.io.PathWatcherService] - <Watching directory path at [/etc/cas/config]>
2024-02-20 09:41:34,319 DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will only attempt to produce signed objects>
2024-02-20 09:41:34,325 INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects>
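
As an added example (not part of the thread and not CAS project code), this Python script reads the startup messages quoted in this discussion and reports which components start without signing or encryption. The names `audit` and `report` are hypothetical, and the patterns cover only the message wordings that appear above.

```python
import re

# Message shapes copied from the CAS log lines quoted in this thread.
REGISTRY = re.compile(
    r"Ticket registry encryption/signing is "
    r"(?:turned off|enabled for \[(?P<reg>[^\]]+)\])")
CIPHER = re.compile(
    r"(?P<op>Encryption|Signing) is not enabled for \[(?P<scope>[^\]]+)\]\. "
    r"The cipher \[(?P<cipher>[^\]]+)\]")

# Lines from the two startups posted above (timestamps and message tails cut).
FIRST_START = [
    "INFO [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is turned off.",
    "INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will",
]
SECOND_START = [
    "DEBUG [org.apereo.cas.util.CoreTicketUtils] - <Ticket registry encryption/signing is enabled for [redis]>",
    "DEBUG [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will",
    "INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OidcRegisteredServiceJwtAccessTokenCipherExecutor] will",
]

def audit(lines):
    """Return the registry state and, per (scope, cipher), the disabled operations."""
    state = {"registry": None, "ciphers": {}}
    for line in lines:
        if m := REGISTRY.search(line):
            state["registry"] = ("enabled", m.group("reg")) if m.group("reg") else ("off", None)
        elif m := CIPHER.search(line):
            key = (m.group("scope"), m.group("cipher"))
            state["ciphers"].setdefault(key, set()).add(m.group("op").lower())
    return state

def report(lines):
    """Turn the audit into one finding per unprotected component."""
    state, out = audit(lines), []
    if state["registry"] == ("off", None):
        out.append("ticket registry: encryption/signing off")
    for (scope, cipher), ops in sorted(state["ciphers"].items()):
        if ops == {"encryption", "signing"}:
            out.append(f"{scope} / {cipher}: neither signed nor encrypted")
        elif ops == {"signing"}:
            # The second log above has the Encryption message at DEBUG, so a log
            # at INFO level shows only the Signing line.
            out.append(f"{scope} / {cipher}: not signed; encryption state not logged")
        else:
            out.append(f"{scope} / {cipher}: signed, not encrypted")
    return out

if __name__ == "__main__":
    for name, lines in (("first start", FIRST_START), ("second start", SECOND_START)):
        print(name, report(lines))
```

Run against a full startup log, an empty report means none of these three message types was emitted at the configured log level.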

