i am using 4.2.7 and notice this warning (did not change default setting). I have set tgc.encryption.key and tgc.signing.key
is this a bug in 4.2.7 or I am missing something. On Wednesday, May 10, 2017 at 9:18:09 PM UTC-7, [email protected] wrote: > > Hi, have you solved this? i am using 4.2.7, also notice this warning, is > this a bug considering that cookie cipher has been enabled by default? > > 在 2016年12月8日星期四 UTC+8下午11:13:58,satnam写道: >> >> Hello, even when I am trying to use default >> >> *deployerConfigContext.xml and I am getting warining >> *org.jasig.cas.util.NoOpCipherExecutor >> does no encryption and may NOT be safe in a production environment. >> Consider using other choices. How can I reference other options? >> >> >> In >> *deployerConfigContext.xml, * <alias name="tgcCipherExecutor" >> alias="defaultCookieCipherExecutor" /> >> >> >> >> To disable the cipher configuration for the SSO session cookie, we can >> include following two lines in *deployerConfigContext.xml,* but to to >> enable it? if it is enabled by default, then why I am getting warning? >> >> >> https://apereo.github.io/cas/4.2.x/installation/Configuring-SSO-Session-Cookie.html >> >> <alias name="noOpCookieValueManager" alias="defaultCookieValueManager" >> /><alias name="noOpCipherExecutor" alias="defaultCookieCipherExecutor" /> >> >> >> >> >> >> Thanks for help >> >> =============== >> 2016-12-06 07:26:46 Commons Daemon procrun stdout initialized >> 2016-12-06 07:27:06,249 INFO >> [org.jasig.cas.support.saml.SamlServletContextListener] - <Starting up >> servlet application context...> >> 2016-12-06 07:27:06,405 INFO >> [org.jasig.cas.CasEnvironmentContextListener] - < >> ******************** Welcome to CAS ******************* >> CAS Version: 4.2.7 >> Build Date/Time: 1969-12-31T16:00:00.000-08:00 >> Java Home: E:\jre8u112 >> Java Vendor: Oracle Corporation >> Java Version: 1.8.0_112 >> OS Architecture: amd64 >> OS Name: Windows Server 2008 R2 >> OS Version: 6.1 >> ******************************************************* >> > >> 2016-12-06 07:27:13,192 INFO >> [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 110 services >> from gov.ca.post.PostServiceRegistryDaoImpl@7b6bb8c9.> >> 2016-12-06 07:27:13,597 INFO >> [org.jasig.cas.services.DefaultServicesManagerImpl] - <Services manager >> will reload service definitions every 60 seconds> >> 2016-12-06 07:27:16,359 INFO [org.jasig.cas.ServiceRegistryInitializer] - >> <The service registry database will not be initialized from default JSON >> services. If the service registry database is empty, CAS will refuse to >> authenticate services until service definitions are added to the database.> >> 2016-12-06 07:27:16,452 INFO >> [org.jasig.cas.ticket.registry.TicketRegistryCleaner] - <Preparing to >> schedule job to clean up after tickets...> >> 2016-12-06 07:27:16,452 INFO >> [org.jasig.cas.ticket.registry.TicketRegistryCleaner] - >> <TicketRegistryCleaner will clean tickets every 2 minutes> >> *2016-12-06 07:27:16,546 WARN [org.jasig.cas.util.NoOpCipherExecutor] - >> <[org.jasig.cas.util.NoOpCipherExecutor] does no encryption and may NOT be >> safe in a production environment. Consider using other choices, such as >> [org.jasig.cas.util.BaseStringCipherExecutor] that handle encryption, >> signing and verification of all appropriate values.>* >> 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - >> <Secret key for signing is not defined. CAS will attempt to auto-generate >> the signing key> >> 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - >> <Generated signing key >> Hw0rXiTss7ZAfbKeEFjOrAsaZvxiT0mJKB33zprVHJ4wbiyV_P7IVdWGAvhjIz12ndI_dOVTlrynEbTZUaMhyg >> >> of size 512. The generated key MUST be added to CAS settings.> >> 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - >> <No encryption key is defined. CAS will attempt to auto-generate keys> >> 2016-12-06 07:27:16,639 WARN [org.jasig.cas.util.WebflowCipherExecutor] - >> <Generated encryption key GKHpOuzwiPnSianW of size 16. The generated key >> MUST be added to CAS settings.> >> 2016-12-06 07:27:16,873 INFO >> [org.jasig.cas.support.saml.SamlServletContextListener] - <Initializing >> SamlServletContextListener root application context> >> 2016-12-06 07:27:16,873 INFO >> [org.jasig.cas.support.saml.SamlServletContextListener] - <Initialized >> SamlServletContextListener root application context successfully> >> 2016-12-06 07:27:16,873 INFO >> [org.jasig.cas.support.saml.SamlServletContextListener] - <Initializing >> SamlServletContextListener servlet application context> >> 2016-12-06 07:27:17,341 INFO >> [org.jasig.cas.support.saml.SamlServletContextListener] - <Initialized >> SamlServletContextListener servlet application context successfully> >> >> >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4bdd83d0-679e-48a5-8ef2-8611b87481a5%40apereo.org.
