napoleon211092
@napoleon211092
{"_id":{"$oid":"5e44c5fb756f214eb4ede2be"},"name":"cas.authn.token.crypto.enabled","value":"true"}
{"_id":{"$oid":"5e44c639756f214eb4ede2bf"},"name":"cas.authn.token.crypto.encryptionEnabled","value":"true"}
{"_id":{"$oid":"5e44c653756f214eb4ede2c0"},"name":"cas.authn.token.crypto.signing.key","value":"nvKNUdvgkUWzhVaPbyc5Q2r0KmLBO211GQ6OPqfLC-rnkiY06PCqQU0EkqyiM_ieu825tcYgTm7hSglO7xal8w"}
{"_id":{"$oid":"5e44c666756f214eb4ede2c1"},"name":"cas.authn.token.crypto.signing.keySize","value":"512"}
{"_id":{"$oid":"5e44c683756f214eb4ede2c2"},"name":"cas.authn.token.crypto.encryption.key","value":"sc_pkU5IZJeQL3wWK8pnp29iD5exI1EzZXpnbAfn0UM"}
{"_id":{"$oid":"5e44c691756f214eb4ede2c3"},"name":"cas.authn.token.crypto.encryption.keySize","value":"256"}
  1. Add this to MongoDB (I configured CAS to read its config from MongoDB, not from a file)
  2. Register service
root@casoverlay:/etc/cas/services-repo# cat token.json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  "clientSecret": "exampleOauthClientSecret",
  "serviceId" : "^https://casoverlay.vdc2.com.vn:9999/.*",
  "name" : "OAUTHTOKEN",
  "jwtAccessToken": true,
  "id" : 5555,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn" ] ]
  },
  "supportedGrantTypes": [ "java.util.HashSet", [ "password" ] ],
  "properties" : {
    "@class" : "java.util.HashMap",
    "accessTokenAsJwtSigningKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "" ] ]
    },
    "accessTokenAsJwtEncryptionKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "" ] ]
    },
    "accessTokenAsJwtSigningEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    },
    "accessTokenAsJwtEncryptionEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    }
  }
}
But when I log in to cas-oauth-client, it shows this error
image.png
Cardo Kambla
@CardoKambla
You have defined your access tokens as an empty string in your service
CAS usually generates these keys automatically
if you define them yourself, then it will not generate them
napoleon211092
@napoleon211092
@CardoKambla I have filled in the two values of "accessTokenAsJwtSigningKey" and "accessTokenAsJwtEncryptionKey" like this
root@casoverlay:/etc/cas/services-repo# cat token.json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  "clientSecret": "exampleOauthClientSecret",
  "serviceId" : "^https://casoverlay.vdc2.com.vn:9999/.*",
  "name" : "OAUTHTOKEN",
  "jwtAccessToken": true,
  "id" : 5555,
  "attributeReleasePolicy" : {
    "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
    "allowedAttributes" : [ "java.util.ArrayList", [ "cn", "mail", "sn" ] ]
  },
  "supportedGrantTypes": [ "java.util.HashSet", [ "password" ] ],
  "properties" : {
    "@class" : "java.util.HashMap",
    "accessTokenAsJwtSigningKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "nvKNUdvgkUWzhVaPbyc5Q2r0KmLBO211GQ6OPqfLC-rnkiY06PCqQU0EkqyiM_ieu825tcYgTm7hSglO7xal8w" ] ]
    },
    "accessTokenAsJwtEncryptionKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "sc_pkU5IZJeQL3wWK8pnp29iD5exI1EzZXpnbAfn0UM" ] ]
    },
    "accessTokenAsJwtSigningEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    },
    "accessTokenAsJwtEncryptionEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    }
  }
}
The two values are the same as in the CAS config (stored in MongoDB)
{"_id":{"$oid":"5e4515ba756f214eb4ede2ce"},"name":"cas.authn.token.crypto.encryption.key","value":"sc_pkU5IZJeQL3wWK8pnp29iD5exI1EzZXpnbAfn0UM"}
{"_id":{"$oid":"5e4515cb756f214eb4ede2cf"},"name":"cas.authn.token.crypto.signing.key","value":"nvKNUdvgkUWzhVaPbyc5Q2r0KmLBO211GQ6OPqfLC-rnkiY06PCqQU0EkqyiM_ieu825tcYgTm7hSglO7xal8w"}
{"_id":{"$oid":"5e4515eb756f214eb4ede2d0"},"name":"cas.authn.token.crypto.enabled","value":"true"}
{"_id":{"$oid":"5e451619756f214eb4ede2d1"},"name":"cas.authn.token.crypto.encryptionEnabled","value":"true"}
{"_id":{"$oid":"5e451630756f214eb4ede2d2"},"name":"cas.authn.token.crypto.signingEnabled","value":"true"}
But it is still the same error as above
image.png
image.png
I am using CAS 6.0.x
Cardo Kambla
@CardoKambla
you are requesting OAuth2 grant type authorization code (as it says before the error) but your service defines only password grant type
napoleon211092
@napoleon211092

Here are the supported grant types: https://apereo.github.io/cas/development/installation/OAuth-OpenId-Authentication.html#responsegrant-types

I edited my service registration (.json file) like this

root@casoverlay:/etc/cas/services-repo# cat oauth-jwt.json
{
  "@class" : "org.apereo.cas.support.oauth.services.OAuthRegisteredService",
  "clientId": "exampleOauthClient",
  "clientSecret": "exampleOauthClientSecret",
  "serviceId" : "^https://casoverlay.vdc2.com.vn:9999/.*",
  "name" : "OAuthService",
  "id" : 6666,
  "jwtAccessToken": true,
  "properties" : {
    "@class" : "java.util.HashMap",
    "accessTokenAsJwtSigningKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "nvKNUdvgkUWzhVaPbyc5Q2r0KmLBO211GQ6OPqfLC-rnkiY06PCqQU0EkqyiM_ieu825tcYgTm7hSglO7xal8w" ] ]
    },
    "accessTokenAsJwtEncryptionKey" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "sc_pkU5IZJeQL3wWK8pnp29iD5exI1EzZXpnbAfn0UM" ] ]
    },
    "accessTokenAsJwtSigningEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    },
    "accessTokenAsJwtEncryptionEnabled" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "true" ] ]
    },
    "accessTokenAsJwtCipherStrategyType" : {
      "@class" : "org.apereo.cas.services.DefaultRegisteredServiceProperty",
      "values" : [ "java.util.HashSet", [ "ENCRYPT_AND_SIGN" ] ]
    }
  }
}
Then I logged in to cas-oauth-client again and it succeeded, but the response is
I want it to respond with a JWT token like this "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", not "AT-1-6q1eB5xY6QFMgsrr7HO3AgD1Z0VudATs"
How to fix this?
Mr @CardoKambla please help me.
Cardo Kambla
@CardoKambla
try to remove properties json and see if it works without it
it generates it automatically so you can see if the problem exists in the keys or not
napoleon211092
@napoleon211092
did you generate the keys with these instructions ? https://apereo.github.io/cas/6.1.x/configuration/Configuration-Properties-Common.html#signing--encryption
I am beginning to have a conflict in my brain: I thought this key is auto-generated and I get it from the CAS log when I build it. Is that right? Like this?
  • <Secret key for encryption is not defined for [Token/JWT Tickets]; CAS will attempt to auto-generate the encryption key>
  • <Generated encryption key [sc_pkU5IZJeQL3wWK8pnp29iD5exI1EzZXpnbAfn0UM] of size [256] for [Token/JWT Tickets]. The generated key MUST be added to CAS settings under setting [cas.authn.token.crypto.encryption.key].>
  • <Secret key for signing is not defined for [Token/JWT Tickets]. CAS will attempt to auto-generate the signing key>
  • <Generated signing key [nvKNUdvgkUWzhVaPbyc5Q2r0KmLBO211GQ6OPqfLC-rnkiY06PCqQU0EkqyiM_ieu825tcYgTm7hSglO7xal8w] of size [512] for [Token/JWT Tickets]. The generated key MUST be added to CAS settings under setting [cas.authn.token.crypto.signing.key].>

try to remove properties json and see if it works without it

Can you explain it clearly, Mr @CardoKambla? I will show you my dependencies and all CAS config below

dependencies {
    compile "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
    // Other CAS dependencies/modules may be listed here...
    // For register service mongoDB
    compile "org.apereo.cas:cas-server-support-mongo-service-registry:6.0.0"
    // For load config from mongoDB
    compile "org.apereo.cas:cas-server-support-configuration-cloud-mongo:6.0.0"
    // For authen user from mongoDB
    compile "org.apereo.cas:cas-server-support-mongo:6.0.0"
    // For REST API
    compile "org.apereo.cas:cas-server-support-rest:6.0.0"
    compile "org.apereo.cas:cas-server-support-rest-services:6.0.0"
    //compile "org.apereo.cas:cas-server-support-json-service-registry:6.0.0"
    // For OAUTH2
    compile "org.apereo.cas:cas-server-support-oauth-webflow:6.0.0"
    //MongoDb Ticket Registry
    compile "org.apereo.cas:cas-server-support-mongo-ticket-registry:6.0.0"
    //JWT support
    compile "org.apereo.cas:cas-server-support-token-tickets:6.0.0"
    compile "org.apereo.cas:cas-server-support-rest-tokens:6.0.0"
    compile "org.apereo.cas:cas-server-support-token-webflow:6.0.0"
    compile "org.apereo.cas:cas-server-support-rest-authentication:6.0.0"
}
@CardoKambla
napoleon211092
@napoleon211092
Mr @CardoKambla please explain it clearly. Thank you in advance.
Cardo Kambla
@CardoKambla
Comment out your JSON service file properties field and see if it works without it.
napoleon211092
@napoleon211092
@CardoKambla I mailed Mr mmoayyed and I have info that version 6.0.x does not support JWT. Now I am updating my CAS to 6.1 and will test again
Cardo Kambla
@CardoKambla
@napoleon211092 awesome, did not notice the version number before, now that I checked CAS documentation then I saw that there is no JWT access token documentation in version 6.0.x
6.1.x version has JWT access token documentation
VikashChandra1996
@VikashChandra1996
Hello everyone
I have one small query: when a user adds an incorrect password more than 3 times, as set by me, the account-locked error message is shown on a different page. My requirement is to add the same message on my login page
napoleon211092
@napoleon211092
@CardoKambla Yes Mr @CardoKambla , I will upgrade my CAS server. And check again. Thank you for your response. :D
napoleon211092
@napoleon211092
@CardoKambla I built CAS version 6.1
and I have this warning

2020-02-17 22:30:10,722 WARN [org.springframework.cloud.config.client.ConfigServicePropertySourceLocator] - <Could not locate PropertySource: I/O error on GET request for "http://localhost:8888/cas/mongodb": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)>
2020-02-17 22:30:10,992 WARN [org.springframework.data.mongodb.core.index.MongoPersistentEntityIndexCreator] - <Automatic index creation will be disabled by default as of Spring Data MongoDB 3.x.
Please use 'MongoMappingContext#setAutoIndexCreation(boolean)' or override 'MongoConfigurationSupport#autoIndexCreation()' to be explicit.
However, we recommend setting up indices manually in an application ready block. You may use index derivation there as well.

    > -----------------------------------------------------------------------------------------
    > @EventListener(ApplicationReadyEvent.class)
    > public void initIndicesAfterStartup() {
    >
    >     IndexOperations indexOps = mongoTemplate.indexOps(DomainType.class);
    >
    >     IndexResolver resolver = new MongoPersistentEntityIndexResolver(mongoMappingContext);
    >     resolver.resolveIndexFor(DomainType.class).forEach(indexOps::ensureIndex);
    > }
    > -----------------------------------------------------------------------------------------

>

and
2020-02-17 13:53:46,779 WARN [org.springframework.data.convert.CustomConversions] - <Registering converter from class java.time.LocalDateTime to class org.joda.time.LocalDateTime as reading converter although it doesn't convert from a store-supported type! You might wanna check you annotation setup at the converter implementation.>
2020-02-17 13:53:46,779 WARN [org.springframework.data.convert.CustomConversions] - <Registering converter from class java.time.LocalDateTime to class java.time.Instant as reading converter although it doesn't convert from a store-supported type! You might wanna check you annotation setup at the converter implementation.>
2020-02-17 13:53:46,779 WARN [org.springframework.data.convert.CustomConversions] - <Registering converter from class java.time.Instant to class java.time.LocalDateTime as reading converter although it doesn't convert from a store-supported type! You might wanna check you annotation setup at the converter implementation.>
2020-02-17 13:53:46,780 WARN [org.springframework.data.convert.CustomConversions] - <Registering converter from class java.time.LocalDateTime to class org.joda.time.LocalDateTime as reading converter although it doesn't convert from a store-supported type! You might wanna check you annotation setup at the converter implementation.>
2020-02-17 13:53:46,781 WARN [org.springframework.data.convert.CustomConversions] - <Registering converter from class java.time.LocalDateTime to class org.joda.time.LocalDateTime as reading converter although it doesn't convert from a store-supported type! You might wanna check you annotation setup at the converter implementation.>
Do you know how to fix this?
napoleon211092
@napoleon211092
Please help me
MAHMUD PRATOWO
@MrPratowo
Why did it end up here?