No Signing or Encryption Key


Bob Dill

Aug 17, 2017, 5:16:26 PM
to CAS Community
Hi All,

I've been working for the last couple of hours trying to resolve a problem I'm having with SSO. Inside the log, I'm getting the following messages.

2017-08-17 16:06:03,688 WARN [org.apereo.cas.config.CasCoreTicketsConfiguration] - <Runtime memory is used as the persistence storage for retrieving and managing tickets. Tickets that are issued during runtime will be LOST upon container restarts. This MAY impact SSO functionality.>
2017-08-17 16:06:10,889 WARN [org.apereo.cas.config.JsonServiceRegistryConfiguration] - <The location of service definitions [class path resource [services]] is on the classpath. It is recommended that the location of service definitions be externalized to allow for easier modifications and better sharing of the configuration.>
2017-08-17 16:06:16,959 WARN [org.apereo.cas.config.CasCoreServicesConfiguration] - <Runtime memory is used as the persistence storage for retrieving and persisting service definitions. Changes that are made to service definitions during runtime WILL be LOST upon container restarts.>
2017-08-17 16:06:17,627 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined. CAS will attempt to auto-generate the signing key>
2017-08-17 16:06:17,628 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [3pIKmpeB_Jp8TlJjPYpztmokMosTY2KCJHmsBNUiyHTqOZptJOm5frEoObc3oYsRLdzTMAQw9Az5u9HWIsLh7A] of size [512]. The generated key MUST be added to CAS settings.>
2017-08-17 16:06:17,629 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <No encryption key is defined. CAS will attempt to auto-generate keys>
2017-08-17 16:06:17,629 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [dowykNbnHjRYVswF] of size [16]. The generated key MUST be added to CAS settings.>
2017-08-17 16:06:21,447 WARN [org.apache.catalina.util.SessionIdGeneratorBase] - <Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [3,730] milliseconds.>

At first I was also getting a complaint about undefined keys for Ticket-granting tickets, but I resolved this by setting the properties:
cas.tgc.signingKey=<some long auto-generated value>
cas.tgc.encryptionKey=<some long auto-generated>

I know that I can get rid of this complaint if I only knew what property to set. I tried setting:
cas.ticket.security.encryptionKey=<generated value>
cas.ticket.security.signingKey=<some long generated value>

Setting those properties does not seem to work, and the official documentation doesn't give the property. It suggests that I look at all the properties, and there are tens of keys to try. Yay!

Anyone know the property? This installation is brand new with practically no customizations at this point. All I have done is added support for LDAP, and JSON Service Registry to my pom.xml file.
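
Added example, not part of the original thread and not CAS project code: a log check for the warnings quoted above. It reports which component auto-generated a key (the logger name is the only hint the message gives about which setting is missing) and redacts the key value, since the warning writes the generated secret into the log. The sample lines are constructed in the format shown in the post, with placeholder key values.

```python
import re

# Constructed sample in the log format shown in the post; key values are placeholders.
SAMPLE_LOG = """\
2017-08-17 16:06:17,627 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Secret key for signing is not defined. CAS will attempt to auto-generate the signing key>
2017-08-17 16:06:17,628 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated signing key [EXAMPLE-SIGNING-KEY-PLACEHOLDER] of size [512]. The generated key MUST be added to CAS settings.>
2017-08-17 16:06:17,629 WARN [org.apereo.cas.util.cipher.BaseBinaryCipherExecutor] - <Generated encryption key [EXAMPLEKEY123456] of size [16]. The generated key MUST be added to CAS settings.>
2017-08-17 16:06:21,447 WARN [org.apache.catalina.util.SessionIdGeneratorBase] - <Creation of SecureRandom instance for session ID generation took a while.>
"""

# Matches the "Generated <kind> key [<value>] of size [<n>]" warning and its logger.
GENERATED = re.compile(
    r"^(?P<ts>\S+ \S+) WARN \[(?P<logger>[^\]]+)\] - "
    r"<Generated (?P<kind>signing|encryption) key \[(?P<key>[^\]]+)\] "
    r"of size \[(?P<size>\d+)\]"
)
KEY_VALUE = re.compile(r"(Generated (?:signing|encryption) key \[)[^\]]+(\])")


def find_generated_keys(log_text):
    """Return one finding per auto-generated key, without the key material."""
    findings = []
    for line in log_text.splitlines():
        m = GENERATED.match(line)
        if m:
            findings.append({
                "timestamp": m["ts"],
                # Short class name of the component that generated the key.
                "component": m["logger"].rsplit(".", 1)[-1],
                "kind": m["kind"],
                "size": int(m["size"]),
            })
    return findings


def redact_keys(log_text):
    """Replace logged key values so the log can be shared or shipped."""
    return KEY_VALUE.sub(r"\1REDACTED\2", log_text)


if __name__ == "__main__":
    for f in find_generated_keys(SAMPLE_LOG):
        print(f"{f['timestamp']} {f['component']}: auto-generated "
              f"{f['kind']} key (size {f['size']}); set it in CAS settings")
    print(redact_keys(SAMPLE_LOG))
```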

Bob Dill

Aug 17, 2017, 6:25:56 PM
to CAS Community
Never mind. I guessed around and found that I had to set these.

cas.webflow.signing.key=<long key>
cas.webflow.signing.keySize=512
cas.webflow.encryption.keySize=16
cas.webflow.encryption.key=<short key>
cas.webflow.alg=AES

~ Bob

Gena Batalski

Aug 17, 2017, 9:33:53 PM
to cas-...@apereo.org
Nice to hear, but with cas 5.2.x they were also renamed:

cas.webflow.crypto.signing.key
cas.webflow.crypto.encryption.ke

Sent from my iPhone

> On 18.08.2017 at 00:25, Bob Dill <rd...@cameron.edu> wrote:
>
> N

Petr Gašparík - AMI Praha a.s.

Aug 18, 2017, 2:07:07 AM
to CAS Community
Don't forget, if the docs are wrong or missing, correct them and make a Pull Request. Thanks!

--

Best regards

Petr Gašparík
solution architect

gsm: [+420] 603 523 860
e-mail: petr.g...@ami.cz

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/2A6C9E7A-D270-4D75-A614-98E6F0C97EDC%40gmail.com.

Gena Batalski

Aug 18, 2017, 2:57:08 AM
to cas-...@apereo.org
Hello Bob, if you are on 5.2.0, try the pattern below. I think the messages are misleading and should be improved.

cas.tgc.crypto.encryption.key
cas.tgc.crypto.signing.key

Sent from my iPhone