Problems with rotation OIDC-JWKS in CAS V.7.2.* and V.7.3.*


Xavier Rodríguez

Oct 15, 2025, 9:31:47 AM
to CAS Community
Hi,

I'm trying to set up JWKS file key rotation on my CAS server, but I'm not able to.

The default value for this property is:

# Type: java.lang.Boolean
# Module: cas-server-core-util
# Owner: org.apereo.cas.configuration.model.support.quartz.SchedulingProperties
#
# Whether scheduler should be enabled to schedule the job to run.
#
# cas.authn.oidc.jwks.rotation.schedule.enabled: true

Then I set the variable in my .yml:

cas.authn.oidc.jwks.rotation.schedule.cron-expression: 0/2 0 * * ?

But it never runs.

Instead, revocation works well:

cas.authn.oidc.jwks.revocation.schedule.cron-expression: 0 55 12 * * *

In the source code:


I can see a difference in the definition of the two schedulers:

Rotation:

.when(BeanCondition.on("cas.authn.oidc.jwks.rotation.schedule").isTrue().given(applicationContext.getEnvironment()))

Revocation:

.when(BeanCondition.on("cas.authn.oidc.jwks.revocation.schedule.enabled").isTrue().given(applicationContext.getEnvironment()))

In the definition of rotation, should it be like this for it to work well?

.when(BeanCondition.on("cas.authn.oidc.jwks.rotation.schedule.enabled").isTrue().given(applicationContext.getEnvironment()))

Best regards!

- Xavier -