Hello,
I've successfully set up a redundant CAS installation:
- Frontal Apache proxy with LoadBalancer module
- 2 backend CAS v5 servers running in Tomcat 8.5
- Configuration stored in GitLab
- Couchbase Service Registry
- Couchbase Ticket Registry
So far I could make it work by specifying the TGC encryption. I also successfully set up the webflow session encryption. But:
- I don't understand what the difference is between "Protocol Ticket Encryption" and the encryption parameters (for the Couchbase ticket registry)
- If I enable any of them, CAS does not generate tickets anymore (I use autogenerated keys)
Config:
cas.ticket.registry.couchbase.crypto.signing.key=QWrj3P2gsI11Y2H2FSb6c5KQD9Z1JC5FVmp1Z5i9Q6U5GiUaYVQzAIAXtE4XwwTtGrNLcBvW_D6vlZy_n_-Qsw
cas.ticket.registry.couchbase.crypto.signing.keySize=512
cas.ticket.registry.couchbase.crypto.encryption.key=KdKKOLuJsUVPJYxo
cas.ticket.registry.couchbase.crypto.encryption.keySize=16
cas.ticket.registry.couchbase.crypto.alg=AES
##############################
# Protocol Ticket Encryption #
##############################
cas.ticket.security.cipherEnabled=true
cas.ticket.security.encryptionKey=MTmSWzsbcrZWoVCV
cas.ticket.security.signingKey=QWrj3P2gsI11Y2H2FSb6c5KQD9Z1JC5FVmp1Z5i9Q6U5GiUaYVQzAIAXtE4XwwTtGrNLcBvW_D6vlZy_n_-Qsw
I kind of miss something here... Thank you for your guidance!