OAuth in CAS 6.5.6: Encryption and signing not enabled

Agustín Ezequiel Pereyra

Aug 9, 2022, 1:49:45 PM
to CAS Community
Hello,

I'm testing Apereo CAS 6.5.6. I enabled OAuth 2.0 in order to use CAS as an OAuth server, and applied the following configuration (based on what is shown at https://fawnoos.com/2019/11/04/cas62x-oauth-jwt-access-token/, https://apereo.github.io/cas/6.3.x/configuration/Configuration-Properties-Common.html#signing--encryption and https://apereo.github.io/cas/6.3.x/installation/OAuth-OpenId-Authentication.html):

cas.properties:

cas.authn.oauth.access-token.crypto.encryption.key=${TOKEN_ENCRYPTION_KEY}
cas.authn.oauth.access-token.crypto.signing.key=${TOKEN_SIGNING_KEY}
cas.authn.oauth.crypto.encryption.key=${ENCRYPTION_KEY}
cas.authn.oauth.crypto.signing.key=${SIGNING_KEY}
cas.authn.oauth.access-token.crypto.encryption-enabled=true
cas.authn.oauth.access-token.crypto.signing-enabled=true

As you can see, I am enabling encryption and signing of JWT OAuth tokens. Yet, when I start the Apereo CAS instance, I get the message:

INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Encryption is not enabled for [Token/JWT Tickets]. The cipher [OAuth20RegisteredServiceJwtAccessTokenCipherExecutor] will only attempt to produce signed objects> 
INFO [org.apereo.cas.util.cipher.BaseStringCipherExecutor] - <Signing is not enabled for [Token/JWT Tickets]. The cipher [OAuth20RegisteredServiceJwtAccessTokenCipherExecutor] will attempt to produce plain objects>

Does someone know what might be causing this message to appear? Why would CAS be ignoring the properties I set in order to enable signing and encryption of the OAuth JWT?

Any help would be appreciated,