Issue while decrypting JWT service ticket (CAS 5.2.1)


DN

Jan 25, 2018, 4:54:06 AM
to CAS Community
Hi,

We would like to use JWT service tickets for one of the client applications, and while trying it out we face an issue while decrypting the JWT ticket; details as follows:

We are currently using CAS official release 5.2.1.


  • In the client (a Node.js-based application), we managed to verify the signature of the JWT ticket with the signing secret as configured in CAS (cas.authn.token.crypto.signing.key=O9aIfNn-yHDP2BEN....). We used the npm 'jsonwebtoken' package for verification.
  • However, after verification we are unable to decrypt the payload using one of the standard npm packages (node-jose), which expects a JWE kind of JWT token.
  • After having a look at the CAS code base, what I infer is that the JWT service ticket generated by CAS isn't a JWE but rather a JWS token; however, the payload is encrypted. In such a case, how do we decrypt it to get the payload claims data? Or is my approach not the right way to do it?
  • Please let us know if there is any example of how to consume the CAS JWT service ticket at the client end; any pointers on how to go about the decryption of the payload would be of great help.

Any help would be really appreciated, as we have been struggling to resolve this issue for the last 4-5 days.


Thanks in advance,
Best Regards,
DN


Devi Nair

Feb 2, 2018, 7:57:42 AM
to CAS Community
Hi,

With regard to the below, it would be really great if anyone could help sort out this issue, or at least confirm whether it's feasible or not using the current CAS version.

I had managed to get the JWT claim data from the Java CAS client using the 'EncodingUtils' class from the CAS codebase. However, I am at a loss while trying to get the same data via JavaScript using some of the standard npm packages.

Has anyone attempted to consume the JWT ticket generated by CAS at the client end using JavaScript and had success?

Please let me know if any further details are required from my end to address this issue.

Thanks & Regards,
Devi Nair

Man H

Feb 2, 2018, 4:25:17 PM
to cas-...@apereo.org
Have a look at core/cas-server-core-util/src/main/java/org/apereo/cas/util/EncodingUtils.java

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
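
Added example, not part of the thread and not CAS code: one way a Node.js client could consume a token of the shape DN infers above, verifying the outer JWS before decrypting its payload. It assumes, without confirmation from the thread, an HS512-signed JWS whose payload is a compact JWE (`alg: dir`, `enc: A128CBC-HS256`) carrying the claims as JSON; the keys, claims and `buildSampleTicket` helper are constructed for the demonstration.

```javascript
// Added example: constructed keys and token; the JWS-wrapping-JWE layout is an assumption.
const crypto = require('crypto');
const dec = (s) => Buffer.from(s, 'base64url');
const enc = (b) => Buffer.from(b).toString('base64url');
const hmac = (alg, key, data) => crypto.createHmac(alg, key).update(data).digest();
const safeEqual = (a, b) => a.length === b.length && crypto.timingSafeEqual(a, b);

// RFC 7518 5.2.2.1 tag: HMAC-SHA-256 over AAD || IV || ciphertext || AL, first 16 bytes.
function cbcHsTag(macKey, h, iv, ct) {
  const al = Buffer.alloc(8);
  al.writeBigUInt64BE(BigInt(h.length * 8)); // AAD length in bits
  return hmac('sha256', macKey, Buffer.concat([Buffer.from(h, 'ascii'), iv, ct, al])).subarray(0, 16);
}
// Step 1: verify the outer JWS, pinning the algorithm instead of trusting the header.
function verifyOuterJws(token, signingKey) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWS');
  const [h, p, s] = parts;
  if (JSON.parse(dec(h)).alg !== 'HS512') throw new Error('unexpected JWS alg');
  if (!safeEqual(hmac('sha512', signingKey, `${h}.${p}`), dec(s))) throw new Error('bad JWS signature');
  return dec(p).toString('utf8'); // assumed to be a compact JWE string
}
// Step 2: check the inner JWE's tag, then decrypt with the 32-byte key (MAC half, AES half).
function decryptInnerJwe(jwe, cek) {
  const parts = jwe.split('.');
  if (parts.length !== 5 || cek.length !== 32) throw new Error('malformed JWE or key');
  const [h, , iv, ct, tag] = parts;
  const hdr = JSON.parse(dec(h));
  if (hdr.alg !== 'dir' || hdr.enc !== 'A128CBC-HS256') throw new Error('unexpected JWE header');
  if (!safeEqual(cbcHsTag(cek.subarray(0, 16), h, dec(iv), dec(ct)), dec(tag))) throw new Error('bad JWE tag');
  const d = crypto.createDecipheriv('aes-128-cbc', cek.subarray(16), dec(iv));
  return Buffer.concat([d.update(dec(ct)), d.final()]).toString('utf8');
}
const readTicket = (token, signingKey, cek) => JSON.parse(decryptInnerJwe(verifyOuterJws(token, signingKey), cek));

// Constructed sample so the example runs offline: builds a token in the assumed layout.
function buildSampleTicket(claims, signingKey, cek) {
  const h = enc(JSON.stringify({ alg: 'dir', enc: 'A128CBC-HS256' }));
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-128-cbc', cek.subarray(16), iv);
  const ct = Buffer.concat([c.update(JSON.stringify(claims)), c.final()]);
  const jwe = [h, '', enc(iv), enc(ct), enc(cbcHsTag(cek.subarray(0, 16), h, iv, ct))].join('.');
  const signingInput = `${enc(JSON.stringify({ alg: 'HS512' }))}.${enc(jwe)}`;
  return `${signingInput}.${enc(hmac('sha512', signingKey, signingInput))}`;
}
const SIGNING_KEY = Buffer.from('constructed-signing-secret'); // not a real CAS key
const ENCRYPTION_KEY = crypto.randomBytes(32); // constructed 256-bit key
const sample = buildSampleTicket({ sub: 'casuser', aud: 'https://app.example.org' }, SIGNING_KEY, ENCRYPTION_KEY);
console.log(readTicket(sample, SIGNING_KEY, ENCRYPTION_KEY));
```

Compare the header values and key encoding against `EncodingUtils.java` for your CAS version before relying on this layout.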
