Hi,
I try to install on a Redhat 7 apache with ssl(proxy ajp), Cas 4.2.3 and
use SPENGO to authenticate active directory users.
On my CAS web page i have CAS is Unavailable.
On the cas log i have when i start the service tomcat :
2016-07-20 08:46:40,327 ERROR [org.jasig.cas.util.WebflowCipherExecutor] -
Unable to init cipher instance.
org.apache.shiro.crypto.CryptoException: Unable to init cipher instance.
at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:495)
at
org.apache.shiro.crypto.JcaCipherService.initNewCipher(JcaCipherService.java:598)
at
org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:444)
at
org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:324)
at
org.apache.shiro.crypto.JcaCipherService.encrypt(JcaCipherService.java:313)
...
Caused by: java.security.InvalidKeyException: Invalid AES key length: 45
bytes
at com.sun.crypto.provider.AESCrypt.init(AESCrypt.java:87)
at
com.sun.crypto.provider.CipherBlockChaining.init(CipherBlockChaining.java:91)
at com.sun.crypto.provider.CipherCore.init(CipherCore.java:582)
at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:339)
at javax.crypto.Cipher.implInit(Cipher.java:806)
at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
at javax.crypto.Cipher.init(Cipher.java:1396)
at javax.crypto.Cipher.init(Cipher.java:1327)
at org.apache.shiro.crypto.JcaCipherService.init(JcaCipherService.java:488)
on my cas.properties file i have :
tgc.encryption.key=lL584cXnVa0xAVBLdvQAIoU5m_lAZeaJYbW-K2alO-A
tgc.signing.key=SfRb-OdrHCwf8cxad2uoyhKVCzjqezGlakCCw3QsoSZ_A3Eg-nze_Km8eE8ctbLckjEqA1Rr5n5ij4PIyKSCTA
webflow.encryption.key='qRjMaAQM9tICWG6r_LUAgQBhhWt0oRbMCZ-yvFblO80'
webflow.signing.key='FGfTTobRuvB5tYuRMr8CXrNa9-SeMv6ZQksatx6tuPRzmZpD2v0MKJRM4tDsBimmmwzbUF1kdbmkFzzPG3c1wQ'
# SPNEGO Authentication
#
cas.spnego.ldap.attribute=spnegoattribute
cas.spnego.ldap.filter=host={0}
cas.spnego.ldap.basedn=
cas.spnego.hostname.pattern=.+
cas.spnego.ip.pattern=
cas.spnego.alt.remote.host.attribute
cas.spengo.use.principal.domain=false
cas.spnego.ntlm.allowed=true
cas.spnego.kerb.debug=true
cas.spnego.kerb.realm=TESTO.LOCAL
cas.spnego.kerb.kdc=10.10.50.25
cas.spnego.login.conf.file=/opt/cas-4.2.3/cas-server-webapp/src/main/webapp/WEB-INF/login.conf
cas.spnego.jcifs.domain=
cas.spnego.jcifs.domaincontroller=
cas.spnego.jcifs.netbios.cache.policy:600
cas.spnego.jcifs.netbios.wins=
cas.spnego.jcifs.password=
cas.spnego.jcifs.service.password=
cas.spnego.jcifs.socket.timeout:300000
cas.spnego.jcifs.username=
cas.spnego.kerb.conf=
cas.spnego.ntlm=false
cas.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.spnego.mixed.mode.authn=false
cas.spnego.send.401.authn.failure=false
cas.spnego.principal.resolver.transform=NONE
cas.spnego.service.principal=HTTP/[email protected]
thanks for your help
good day
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/76c3ce4a-355a-4751-aaef-0665451d1a9b%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
